27 matches found
EUVD-2026-9984
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...
EUVD-2020-29906
Malware in sbrugna...
EUVD-2006-4874
Malware in sbrugna...
EUVD-2008-2344
Malware in sbrugna...
EUVD-2023-56812
Malicious code in bioql PyPI...
EUVD-2022-6454
Malicious code in bioql PyPI...
EUVD-2024-41278
Malicious code in bioql PyPI...
CVE-2019-9939
The SHAREit application before 4.0.36 for Android allows a remote attacker on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requeste...
Security Update for the OPC UA .NET Standard Stack
This security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled. Note that the Basic128Rsa15 is disabled by default so most users will not be...
Duplicate Advisory: Authorization Bypass in OPC UA .NET Standard Stack
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-h958-fxgg-g7w3. This link is maintained to preserve external references. Original Description: Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass...
CVE-2024-42512
Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled...
CVE-2024-42513
Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints...
Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of...
CVE-2024-38289
A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...
CVE-2024-5786 Cross-Site Request Forgery vulnerability in Comtrend router
Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated...
CVE-2023-6451 Publicly Known Cryptographic Machine Key In Procura Portal Application
Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms...
Authentication flaw
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app...
CVE-2022-29865
The CVE-2022-29865 entry concerns the OPC UA .NET Standard Stack. The connected sources confirm a remote authentication bypass vulnerability in this stack where crafted credentials can bypass the application authentication check. The NVD entry lists an affected component (OPC UA .NET Standard Sta...
Authentication: Lessons Learned from Microsoft Exchange and F5 BIG-IP Hacks
The past month has been a very dynamic time in the world of security for hackers and threat researchers, but it has been an extended nightmare for CSOs responsible for securing their enterprise networks. For starters, on-premise Microsoft Exchange servers were attacked in droves after a set of...