80 matches found
mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data
A flaw was found in modauthopenidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present...
OESA-2025-1444 mod_auth_openidc security update
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Par...
OESA-2025-1443 mod_auth_openidc security update
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying PartyRP to an OpenID Connect ProviderOP. Security Fixes: modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Par...
mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data
A flaw was found in modauthopenidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present...
AZL-61786 CVE-2025-31492 affecting package mod_auth_openidc 2.4.14.2-2
modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a modauthopenidc results in disclosure of protected content to unauthenticated users. The...
DEBIAN-CVE-2025-31492
modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a modauthopenidc results in disclosure of protected content to unauthenticated users. The...
AZL-59592 CVE-2025-31492 affecting package mod_auth_openidc 2.4.14.2-1
modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a modauthopenidc results in disclosure of protected content to unauthenticated users. The...
UBUNTU-CVE-2025-31492
modauthopenidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a modauthopenidc results in disclosure of protected content to unauthenticated users. The...
CVE-2024-44223
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window...
CVE-2024-44223
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS suffers from an information disclosure vulnerability that can be exploited by an attacker to view protected content from a login window...
PT-2024-31052 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.1 Description: This issue was addressed through improved state management. An attacker with physical access to a Mac may be able to view protected content from the Login Window. Recommendations: For versions prior t...
CVE-2024-47819
CVE-2024-47819 – Umbraco XSS (Dictionary section) Affected: Umbraco CMS (.NET) versions 14.0.0 up to, but not including, 14.3.1 and 15.0.0.Root cause: cross-site scripting vulnerability in the Dictionary section that can be triggered by an admin-privileged user to execute injected scripts.Impact:...
CVE-2024-2093
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...
CVE-2024-2093
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content...
VK All in One Expansion Unit < 9.96.0.0 - Unauthenticated Password Protected Content Access
Description The plugin is vulnerable to Sensitive Information Exposure via social meta tags, allowing unauthenticated attackers to view limited password protected content...
CVE-2024-1769
The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...
PT-2024-18290 · WordPress · Jm Twitter Cards
Name of the Vulnerable Software and Affected Versions: JM Twitter Cards plugin for WordPress versions up to, and including, 12 Description: The issue allows unauthenticated attackers to view password protected post content when viewing the page source, due to Information Exposure via the meta...
CVE-2024-0909
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticat...
CVE-2024-0909
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticat...