192497 matches found
CVE-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
CVE-2025-13473
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
CVE-2025-13473
CVE-2025-13473 affects Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The vulnerability lies in django.contrib.auth.handlers.modwsgi.check_password(), where authentication via mod_wsgi can allow remote attackers to enumerate users via a timing attack. Earlier/unsupported serie...
CVE-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
CVE-2025-13473
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
CVE-2025-61641
A flaw was found in MediaWiki. A remote attacker can exploit this vulnerability without requiring user interaction or privileges. This issue, associated with the includes/api/ApiQueryAllPages.Php program file, may lead to a low impact Denial of Service DoS. Mitigation Mitigation for this issue is...
CVE-2025-6593
A flaw was found in MediaWiki. A remote attacker, by enticing a user to interact with malicious content, could potentially exploit a vulnerability in the includes/user/User.Php file. This could lead to the disclosure of limited sensitive information. Mitigation Mitigation for this issue is either...
CVE-2025-6591
A flaw was found in MediaWiki, specifically within the ApiFeedContributions.Php program file. This vulnerability could potentially be exploited by a remote attacker with high privileges, requiring user interaction. Mitigation Mitigation for this issue is either not available or the currently...
UBUNTU-CVE-2025-13473
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
CVE-2025-13473
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
CLSA-2026-1770118623 java-1.8.0-openjdk: Fix of CVE-2026-21945
Update to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b03. - CVE-2026-21945: Security component vulnerability allowing unauthenticated attacker with network access to cause hang or crash DoS...
CVE-2025-67851
A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...
CVE-2025-67851 Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export
A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...
Improper TLS Certificate Validation
github.com/neuvector/neuvector is vulnerable to improper TLS certificate validation. The vulnerability is due to TLS verification not being enforced by default for OpenID Connect authentication, which allows an attacker to perform man-in-the-middle MITM attacks by intercepting or tampering with...
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
UPD 11.02.2026: added recommendations on how to use the Notepad++ supply chain attack rules package in our SIEM system. Introduction On February 2, 2026, the developers of Notepad++, a text editor popular among developers, published a statement claiming that the update infrastructure of Notepad++...
CVE-2026-24934
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...
CVE-2026-24935
CVE-2026-24935: A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server, enabling a MitM attacker to intercept or redirect the NAT tunnel establishment. This vulnerability could disrupt service availability or enable targeted attacks by ac...
CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...
EUVD-2026-5285
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...
CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...