744 matches found
CVE-2023-40797
In Tenda AC23 v16.03.07.45cn, the sub4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability...
CVE-2024-2013
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface...
EUVD-2025-205861
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without...
CVE-2025-15114 Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability
Ksenia Security lares legacy model Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system...
PT-2025-54262
Name of the Vulnerable Software and Affected Versions Ksenia Security Lares 4.0 Home Automation version 1.6 Description A critical security flaw exists that exposes the alarm system PIN in the basisInfo XML file after authentication. An attacker can retrieve the PIN from the server response and...
CVE-2019-25258
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...
CVE-2019-25258
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...
CVE-2019-25258 LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...
CVE-2019-25258 LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...
CVE-2019-25258
LogicalDOC Enterprise 7.7.4 is affected by post-authentication file disclosure vulnerabilities. The issue arises from insufficient validation of suffix and fileVersion parameters, enabling directory traversal in the /thumbnail and /convertpdf endpoints to read arbitrary files (e.g., win.ini, /etc...
PT-2025-53344
Name of the Vulnerable Software and Affected Versions LogicalDOC Enterprise version 7.7.4 Description The software contains multiple post-authentication file disclosure issues that allow attackers to read arbitrary files through unverified suffix and fileVersion parameters. Attackers can exploit...
PT-2025-52343
Name of the Vulnerable Software and Affected Versions phpMsAdmin version 2.2 Description A Reflected Cross-Site Scripting XSS issue exists in the database mode.php file. After a user is authenticated, an attacker can execute arbitrary web script or HTML via the dbname parameter. Recommendations...
Linux Distros Unpatched Vulnerability : CVE-2025-14345
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies...
PT-2025-50766
Name of the Vulnerable Software and Affected Versions KodExplorer version 4.52 Description KodExplorer 4.52 contains an open redirect issue in the user login page. Attackers can manipulate the link parameter to redirect users to arbitrary external websites after authentication. The vulnerable...
FreeBSD : MongoDB Server -- Improper Locking (c11e0878-d6a8-11f0-8e1b-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c11e0878-d6a8-11f0-8e1b-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-106075 reports: A post-authenticationflaw in the network two-pha...
EUVD-2025-201945
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
CVE-2025-14345
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
UBUNTU-CVE-2025-14345
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
CVE-2025-14345 Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...
PT-2025-49980
Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 8.0.16 MongoDB Server versions prior to 7.0.26 MongoDB Server versions prior to 8.2.2 Description A flaw exists in the network two-phase commit protocol used for cross-shard transactions. This issue can lead to...