Lucene search
+L

164 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:8 p.m.11 views

CVE-2020-13998

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintaine...

7.5CVSS7AI score0.01389EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:16 p.m.8 views

CVE-2020-13265

User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification...

5.3CVSS6.5AI score0.00726EPSS
Exploits0
CNVD
CNVD
added 2025/05/14 12:0 a.m.2 views

WordPress AHAthat plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress AHAthat plugin, which stems from the WEB application not adequately verifying that a request is coming from a...

4.3CVSS6.9AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.6 views

PT-2025-14572 · Yubico · Yubikey

Name of the Vulnerable Software and Affected Versions: Yubico YubiKey versions 5.4.1 through 5.7.3 Description: The issue is related to an incorrect implementation of the FIDO CTAP PIN/UV 2 authentication protocol. Specifically, it uses the signature length from the CTAP PIN/UV 1 protocol, even...

2.2CVSS6.3AI score0.00115EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/04/03 12:0 a.m.26 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...

9.8CVSS0.99947EPSS
Exploits18References2
CVE
CVE
added 2025/03/20 10:9 a.m.47 views

CVE-2024-10366

The CVE-2024-10366 vulnerability affects danny-avila/librechat v0.7.5-rc2, where the delete-attachments endpoint does not verify that the attachment ID belongs to the current user. This IDOR allows any authenticated user (low privileges) to delete attachments of other users, with a network-style ...

7.6CVSS7.4AI score0.00345EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/03/07 1:44 a.m.17 views

CVE-2025-0748 Homey <= 2.4.3 - Cross-Site Request Forgery to User Verification

The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. This is due to missing or incorrect nonce validation on the 'homeyverifyusermanually' function. This makes it possible for unauthenticated attackers to update verify an user via a...

4.3CVSS0.00157EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/07 1:44 a.m.9 views

CVE-2025-0748 Homey <= 2.4.3 - Cross-Site Request Forgery to User Verification

The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. This is due to missing or incorrect nonce validation on the 'homeyverifyusermanually' function. This makes it possible for unauthenticated attackers to update verify an user via a...

4.3CVSS6.6AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/07 12:0 a.m.9 views

PT-2025-5899 · Nextend · Nextend Social Login Pro

Name of the Vulnerable Software and Affected Versions: Nextend Social Login Pro versions up to, and including, 3.1.16 Description: The issue is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS8.8AI score0.0064EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2024/12/27 12:0 a.m.6 views

CVE-2024-50945

An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product...

6.8AI score0.00603EPSS
Exploits0References3
NVD
NVD
added 2024/11/23 4:15 a.m.35 views

CVE-2024-10961

The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing...

9.8CVSS0.0117EPSS
Exploits0References3
NVD
NVD
added 2024/11/06 7:15 a.m.17 views

CVE-2024-10020

The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log i...

8.1CVSS0.00504EPSS
Exploits0References2
CVE
CVE
added 2024/11/05 8:31 a.m.67 views

CVE-2024-10114

CVE-2024-10114 – WooCommerce - Social Login (WordPress) Affected product: WooCommerce - Social Login plugin for WordPress.Vulnerability: authentication bypass due to insufficient verification on the user returned by the social login token (root cause: token user verification flaw).Impact (per sou...

8.1CVSS8.2AI score0.00524EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/05 8:31 a.m.15 views

CVE-2024-10114 Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAuth provider

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as...

8.1CVSS8.2AI score0.00524EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/05 6:42 a.m.27 views

CVE-2024-10097 Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to lo...

8.1CVSS0.00666EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/26 12:32 p.m.27 views

CVE-2024-9501 Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass via WordPress.com OAuth provider

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated...

9.8CVSS0.00782EPSS
Exploits0References3
CVE
CVE
added 2024/10/26 12:32 p.m.70 views

CVE-2024-9501

CVE-2024-9501 is a high-severity authentication bypass in the WordPress plugin “WP Social Login and Register Social Counter” (

9.8CVSS9.7AI score0.00782EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/25 5:35 a.m.27 views

CVE-2024-9488 Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider

The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS0.0081EPSS
Exploits0References3
CVE
CVE
added 2024/10/08 8:33 a.m.61 views

CVE-2024-8943

CVE-2024-8943 affects the WordPress LatePoint plugin, versions up to and including 5.0.12, enabling an authentication bypass due to improper verification of the user supplied during the booking step. Unauthenticated attackers could log in as any existing user (e.g., an administrator) if the site ...

9.8CVSS9.7AI score0.03054EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/10/04 2:33 p.m.27 views

CVE-2024-47768 Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...

6.9CVSS0.00508EPSS
Exploits0References2
Rows per page
Query Builder