113 matches found
CVE-2025-54127
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...
CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...
CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...
CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...
GHSA-F38F-JVQJ-MFG6 NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Summary The NodeJS version of HAX CMS uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authentication checks. Details If a user were to deploy haxcms-nodejs without modifying the default settings,...
PT-2025-30344 · Hax Cms · Hax Cms
Name of the Vulnerable Software and Affected Versions: HAXcms versions prior to 11.0.7 Description: HAXcms with a nodejs backend allows users to start the server in any HAXsite or HAXcms instance. The NodeJS version of HAXcms, in versions 11.0.6 and below, uses an insecure default configuration...
CVE-2025-3319
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources...
CVE-2025-3319 IBM Spectrum Protect Server authentication bypass
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources...
CVE-2025-3319
IBM Spectrum Protect Server versions 8.1–8.1.26 are affected by an authentication bypass due to improper session authentication, potentially enabling access to unauthorized resources. The IBM security bulletin (CVE-2025-3319) confirms the issue and lists AIX/Linux/Windows platforms; remediation i...
CVE-2025-3319 IBM Spectrum Protect Server authentication bypass
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources...
PT-2025-26329 · Ibm · Ibm Spectrum Protect Server
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Server versions 8.1 through 8.1.26 Description: The issue is related to improper session authentication, which can allow an attacker to bypass authentication. This can result in access to unauthorized resources...
CVE-2020-25165
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the ...
CVE-2025-30351 Suspended Directus user can continue to use session token to access API
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a check missing in...
Broadcom Symantec Privileged Access Management 安全漏洞
Broadcom Symantec Privileged Access Management Broadcom Symantec PAM is a security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
PT-2024-31393 · Ory · Ory Kratos
Name of the Vulnerable Software and Affected Versions: Ory Kratos versions prior to 1.3.0 Description: Ory Kratos is an identity, user management, and authentication system for cloud services. The highest available setting incorrectly assumes the identity's highest available Authenticator Assuran...
ca: token authentication bypass vulnerability
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...
CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
Bluetooth Core Specification Man-in-the-Middle Attack Vulnerability
Bluetooth is a popular wireless communication technology. A man-in-the-middle attack vulnerability exists in the Bluetooth Core Specification, which can be exploited by an attacker to compromise session authentication between Bluetooth devices, be able to force a short encryption key length using...
Microsoft Bluetooth Driver 安全漏洞
Bluetooth is a popular wireless communication technology. A man-in-the-middle attack vulnerability exists in the Bluetooth Core Specification, which can be exploited by an attacker to compromise session authentication between Bluetooth devices, be able to force a short encryption key length using...
CVE-2023-40235
An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...