81 matches found
Webmin multiple vulnerabilities
RISK EVALUATION Webmin contains multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could impersonate and authenticate as any user. 2. RECOMMENDED PRACTICES Update to most recent available version of Webmin. 3. DESCRIPTION The Webmin HTTP server miniserv.pl allows...
CVE-2026-43873
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret $objClone-myKey, a constant md5$global'systemRootPath' . $global'salt' into the HTTP response body on every unauthenticated request. T...
CVE-2026-10167
A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...
CVE-2026-43873
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret $objClone-myKey, a constant md5$global'systemRootPath' . $global'salt' into the HTTP response body on every unauthenticated request. T...
CVE-2026-41603
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or...
Advantech WISE-DeviceOn Server 安全漏洞
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a hard-coded encryption key vulnerability that can be exploited by an attacker to impersonate an arbitrary account...
CVE-2025-41108
The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station tablet and gaining unauthorised full control of the robot. The absence of encryption and authenticati...
EUVD-2025-35344
The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station tablet and gaining unauthorised full control of the robot. The absence of encryption and authenticati...
CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...
EUVD-2013-7014
Malware in sbrugna...
EUVD-2004-0371
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-16886
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control RBAC is used and...
PT-2024-6647 · Su +4 · Su +4
Name of the Vulnerable Software and Affected Versions: Authd PAM module versions prior to 0.3.5 Description: The issue is related to errors in privilege management, allowing a remote attacker to gain access to another user's account by executing commands such as su, sudo, or ssh and modifying the...
CVE-2024-40719
The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it...
CVE-2024-6301
Conduit (federation API) is affected by CVE-2024-6301: lack of origin validation in the federation API allows any remote server to impersonate any user from any server in most EDUs. The vulnerability affects Conduit versions prior to 0.8.0. Root cause: insufficient validation of origin in federat...
PT-2024-3936 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.04.7 JetBrains TeamCity versions prior to 2022.10.6 JetBrains TeamCity versions prior to 2023.05.6 JetBrains TeamCity versions prior to 2023.11.5 JetBrains TeamCity versions prior to 2024.03.2...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from improper verification of certificates during authentication using smart cards. This allows a perpetrator to impersonate another user and pass identity verification.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to improper verification of the certificate during authentication using smart cards. Exploiting this vulnerability allows a malicious actor, operating remotely, to bypass the authenticity...
CVE-2023-36647
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...
PT-2023-25652 · Grafana +1 · Loki +2
Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: The issue allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Grafana authenticated user or from the Loki REST API withou...
PT-2023-32618 · Tyler Technologies · Tyler Technologies Court Case Management Plus
Name of the Vulnerable Software and Affected Versions: Tyler Technologies Court Case Management Plus affected versions not specified Description: The issue allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint...