284 matches found
PT-2026-23735
Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 7.8.6 Rocket.Chat versions prior to 7.9.8 Rocket.Chat versions prior to 7.10.7 Rocket.Chat versions prior to 7.11.4 Rocket.Chat versions prior to 7.12.4 Rocket.Chat versions prior to 7.13.3 Rocket.Chat versions...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the IsCorrectUsernameAndPassword validation. An attacker can cause a victim's browser to initiate a session tied to an account for which the attacker knows the credentials by tricking the victim into...
CVE-2019-25436
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to...
CVE-2019-25436 Sricam DeviceViewer 3.12.0.1 Password Change Security Bypass
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to...
Sricam DeviceViewer 安全漏洞
Sricam DeviceViewer is a monitoring video management software developed by Sricam Corporation in China. Version 3.12.0.1 of Sricam DeviceViewer contains a security vulnerability. This vulnerability stems from improper validation of the old password field, which may allow authenticated users to...
CVE-2026-25889
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...
PT-2026-7167
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.57.1 Description File Browser offers a file management interface for tasks like uploading, deleting, previewing, renaming, and editing files. A flaw in the password validation process, specifically a...
Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service
Summary The DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored without a cleanup/expiry path in this flow, an unauthenticated remote actor can repeatedly...
CVE-2010-0227
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program...
CVE-2023-25816
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround ...
CVE-2023-4816
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On SSO with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action Accept, Release, and Clear for another user and...
CVE-2021-22221
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allow user to maintain limited...
CVE-2026-21891
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...
CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...
CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...
EUVD-2026-1670
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000159)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000159 advisory. An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in...
Improper Authentication
org.jenkins-ci.plugins, active-directory is vulnerable to improper authentication. The vulnerability is due to the use of a magic constant during password validation, which allows an attacker to log in as any user by using the crafted magic constant as the password...
CVE-2025-67719
Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...
CVE-2025-67719
Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...