Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...
ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover
Summary A vulnerability in Zitadel's login V2 interface was discovered, allowing for possible account takeover. Impact Zitadel allows organization administrators to change the default redirect URI for their organization. This setting enables them to redirect users to an arbitrary location after...
ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint
Summary A vulnerability was discovered in Zitadel's login V2 interface that allowed a possible account takeover. Impact Zitadel exposes an HTTP endpoint named /saml-post. This endpoint is used for handling requests to SAML IdPs and accepts two HTTP GET parameters: url and id. When these parameter...
PT-2026-23105
Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.11.1 Description ZITADEL, an open source identity management platform, has a flaw in its login V2 interface that could allow for account takeover via Default URI Redirect. An unauthenticated remote attacker can...
GHSA-5MX2-2MGW-X8RM OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback)
Summary BlueBubbles webhook auth in the optional beta iMessage plugin allowed a passwordless fallback path. In some reverse-proxy/local routing setups, this could allow unauthenticated webhook events. Affected Component and Scope - Component: extensions/bluebubbles webhook handler - Scope: only...
CVE-2025-67305
In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...
PT-2026-20926
Name of the Vulnerable Software and Affected Versions RUCKUS Network Director versions prior to 4.5.0.56 Description RUCKUS Network Director RND OVA appliances include hardcoded SSH keys for the postgres user. These keys are consistent across all deployments. An attacker with network access can u...
CVE-2025-67305
In RUCKUS Network Director (RND) versions prior to 4.5.0.56, the OVA appliance ships hardcoded SSH keys for the postgres user that are identical across deployments. An attacker with network access can SSH in without a password, gain superuser access to the PostgreSQL database, and create administ...
CVE-2023-54335
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to log in without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...
UBUNTU-CVE-2023-54335
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to log in without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...
CVE-2025-66050
Vivotek IP7137 camera with firmware version 0200a by default does not require a password when logging in as an administrator. While it is possible to set such a password, the user is not informed of the need to do so. The vendor has not replied to the CNA. Possibly all firmware versions...
CVE-2023-54335
CVE-2023-54335 affects eXtplorer version 2.1.14. The vulnerability is an authentication bypass that allows login without a password by manipulating the login request, enabling attackers to upload malicious PHP files and execute remote commands on the vulnerable file management system. Severity is...
PT-2026-2425
Name of the Vulnerable Software and Affected Versions eXtplorer version 2.1.14 Description eXtplorer version 2.1.14 contains an authentication bypass that allows attackers to log in without a password by manipulating the login request. Successful exploitation enables attackers to upload malicious...
CVE-2025-68716
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 have the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...