22 matches found
CVE-2026-2991 KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...
CVE-2022-35947
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could...
CVE-2025-35433
CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1...
CVE-2025-35433 CISA Thorium does not properly invalidate previously used tokens
CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1...
Linux Distros Unpatched Vulnerability : CVE-2022-35947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...
CVE-2025-8853
CVE-2025-8853 concerns the Official Document Management System by 2100 Technology, which has an authentication bypass vulnerability. An unauthenticated remote attacker can obtain a user’s connection token and use it to log in as that user, enabling full access. CVSS metrics indicate CRITICAL impa...
CVE-2025-47781
CVE-2025-47781 targets Rallly, an open-source scheduling tool. A 6-digit login token with weak entropy and no brute-force protection lets an unauthenticated attacker, knowing a valid email, brute-force the token within 15 minutes, potentially taking over the user’s account. Affected versions: up ...
This Week in Spring - April 1st, 2025
Hi, Spring fans! Welcome to another exciting installment of This Week in Spring! It's April Fools' Day, so be wary of things you read on the internet, but it's also the 11th anniversary of Spring Boot 1.0, which was released this day in 2014! That's not an April Fools. Happy birthday! I'm in...
DEBIAN-CVE-2025-24032
PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...
CVE-2024-50488
Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass. This issue affects Token Login: from n/a through <= 1.0.3...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Priyabratasarkar Token_Login
CVE-2024-50488 Token Login <= 1.0.3 - Authenticated Subscr...
CVE-2024-50488
Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass. This issue affects Token Login: from n/a through <= 1.0.3...
CVE-2024-50488
Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass. This issue affects Token Login: from n/a through 1.0.3...
CVE-2024-50488 WordPress Token Login plugin <= 1.0.3 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass. This issue affects Token Login: from n/a through <= 1.0.3...
CVE-2024-50488 WordPress Token Login plugin <= 1.0.3 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass. This issue affects Token Login: from n/a through <= 1.0.3...
CVE-2024-50488
CVE-2024-50488: Token Login for WordPress (Priyabrata Sarkar) up to version 1.0.3 suffers an authentication bypass via an alternate path/channel. Affected plugin is Token Login; impact is high (attacker with subscriber privileges can log in as other users). Public references corroborate a broken ...
WordPress plugin Token Login security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Toke...
PT-2024-34265 · Unknown · Priyabrata Sarkar Token Login
Name of the Vulnerable Software and Affected Versions: Priyabrata Sarkar Token Login versions 1.0.3 and earlier. Description: The issue allows for authentication bypass using an alternate path or channel. This can lead to unauthorized access. Recommendations: For Priyabrata Sarkar Token Login...
WordPress Token Login plugin <= 1.0.3 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin Token Login versions <= 1.0.3...
WordPress Token Login Plugin <= 1.0.3 is vulnerable to Broken Authentication
Software: Token Login; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-50488; Patch priority: High; CVSS severity: High 8.8; PSID: 18531b1d1720; Credits: stealthcopte...