Turtek Eyotek Security Vulnerability
Turtek Eyotek is a cloud-based educational institution management system from Turtek Turkey. A security vulnerability exists in Turtek Eyotek versions prior to 11.03.2025, which stems from bypassing authorization via a user-controlled key and could lead to the exploitation of trusted identifiers...
CVE-2024-13175
Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing. This issue affects VOC TESTER: before 12.41.0...
CVE-2025-4513
A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of the argument return leads to open redirec...
CVE-2025-4513 Catalyst User Key Authentication Plugin Logout logout.php redirect
A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of the argument return leads to open redirec...
CVE-2025-4513
CVE-2025-4513 affects Moodle’s Catalyst User Key Authentication Plugin (version 20220819). The issue is an open redirect in the Logout component (/auth/userkey/logout.php) caused by manipulation of the return parameter. It can be exploited remotely, and public exploits have been disclosed. The ve...
PT-2025-20639 · Moodle · Catalyst User Key Authentication Plugin
Name of the Vulnerable Software and Affected Versions: Catalyst User Key Authentication Plugin version 20220819. Description: A vulnerability was found in the Catalyst User Key Authentication Plugin on Moodle, affecting an unknown functionality of the file /auth/userkey/logout.php of the component...
CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...
The vulnerability of the Multi-Factor Authentication component in the virtual learning environment Moodle, which allows a perpetrator to trigger a service failure.
The vulnerability of the Multi-Factor Authentication component in the virtual learning environment Moodle relates to bypassing authentication using a key controlled by the user. Exploiting this vulnerability could allow a malicious actor to trigger a service failure...
Linux Distros Unpatched Vulnerability : CVE-2011-4110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service NULL pointer dereference and kern...
WordPress plugin Nirweb support Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
CVE-2024-42422
Dell NetWorker, versions 19.10, contains an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
The vulnerability of the administration interface of the Fortinet FortiPortal security analysis and management tool allows a perpetrator to interact with resources of other organizations.
The vulnerability of the administration interface of the Fortinet FortiPortal security analysis and management tool involves bypassing authentication using a user-controlled key. Exploiting this vulnerability allows a malicious actor to interact with resources of other organizations by sending...
PT-2024-7151 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 21.2R3-S8-EVO; Juniper Networks Junos OS Evolved versions from 21.4-EVO prior to 21.4R3-S8-EVO; Juniper Networks Junos OS Evolved versions from 22.2-EVO prior to 22.2R3-S4-EVO; Juniper Networks...
WordPress plugin Zephyr Project Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Exploit for Use of Password Hash With Insufficient Computational Effort in Redhat Enterprise_Linux
CVE-2024-3183-POC POC for CVE-2024-3183 FreeIPA Rosting Imp...
CVE-2024-42062 Apache CloudStack: User Key Exposure to Domain Admins
CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that...
PT-2024-5550 · Fortinet · Fortiportal
Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.6; Fortinet FortiPortal version 7.2.0. Description: The issue is related to an authorization bypass in the administration interface of Fortinet FortiPortal, which can be exploited by using a...
Fortinet FortiPortal Security Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability exists in Fortinet FortiPortal that stems from the presence of a...