Lucene search

10 matches found

SUSE CVE
added 2026/01/06 12:27 a.m., 3 views

SUSE CVE-2025-34410

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

CVSS 7.1, AI score 6.8, EPSS 0.00128
Exploits 0, References 2
NVD
added 2025/12/10 4:16 p.m., 3 views

CVE-2025-34410

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

CVSS 7.1, EPSS 0.00128
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-12247

Malware in sbrugna...

CVSS 3.2, AI score 4, EPSS 0.00288
Exploits 0, References 3
RedhatCVE
added 2025/05/22 7:25 p.m., 6 views

CVE-2021-25351

Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password...

CVSS 3.2, AI score 6.9, EPSS 0.00288
Exploits 0, References 1
OSV
added 2024/04/08 3:48 p.m., 14 views

GHSA-5297-WRRP-RCJ7 Shopware Improper Session Handling in store-api account logout

Impact: When an authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only the direct store-api usage, as the PHP Storefront listens additionally on CustomerLogoutEvent and invalidates the session additionally...

CVSS 5.3, AI score 5.2, EPSS 0.00499
Exploits 0, References 5
OSV
added 2022/10/26 12:0 a.m., 18 views

CVE-2022-39355 Discourse Patreon vulnerable to improper validation of email during Patreon authentication

Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number...

CVSS 9.1, AI score 9.2, EPSS 0.00766
Exploits 0, References 4
Prion
added 2021/05/28 8:15 a.m., 9 views

Authentication flaw

The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers to send a large number of valid usernames and force those logged-in accounts to log out, causing the user to be unable to access the services...

CVSS 5, AI score 5.5, EPSS 0.01511
Exploits 0, References 2, Affected Software 1
Cvelist
added 2021/05/28 8:10 a.m., 16 views

CVE-2021-32541 SysJust CTS Web - Broken Access Control

The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers to send a large number of valid usernames and force those logged-in accounts to log out, causing the user to be unable to access the services...

CVSS 5.3, AI score 5.8, EPSS 0.01511
Exploits 0, References 2
CNVD
added 2021/04/01 12:0 a.m., 6 views

Unspecified Vulnerability in Samsung EmailValidationView

Samsung EmailValidationView is an application from Samsung Korea. Provides email functionality. A security vulnerability exists in Samsung EmailValidationView that stems from improper access control and can be exploited by an attacker to log out of a user account on a device without a user passwo...

CVSS 3.2, AI score 6.8, EPSS 0.00288
Exploits 0, References 1
Prion
added 2021/03/25 5:15 p.m., 17 views

Improper access control

Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password...

CVSS 2.1, AI score 4.1, EPSS 0.00288
Exploits 0, References 2, Affected Software 1