
19 matches found

Vulnrichment
added 2026/03/21 3:26 a.m. · 1 view

CVE-2025-13910 WP-WebAuthn <= 1.3.4 - Unauthenticated Stored Cross-Site Scripting

The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the wwaauth AJAX endpoint in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes logged by the plugin. This makes it...

CVSS 6.1 · AI score 6 · EPSS 0.00118
Exploits 0 · References 4
NVD
added 2026/01/07 6:15 p.m. · 2 views

CVE-2025-61782

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint /auth/saml/callback. By manipulating the RelayState parameter, an attacker can...

CVSS 6.1 · EPSS 0.00097
Exploits 0 · References 3
GithubExploit
added 2025/10/26 9:24 a.m. · 15 views

writeups

Hi there! This is a repo containing some of my security writeup...

CVSS 6.5 · AI score 5.8 · EPSS 0.00037
Exploits 1
EUVD
added 2025/10/23 3:30 p.m. · 2 views

EUVD-2025-35693

CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

CVSS 6.5 · AI score 6.3 · EPSS 0.00037
Exploits 1 · References 3
NVD
added 2025/10/23 3:15 p.m. · 3 views

CVE-2025-56007

CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

CVSS 6.5 · EPSS 0.00037
Exploits 1 · References 3
Cvelist
added 2025/10/23 12:00 a.m. · 7 views

CVE-2025-56007

CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

EPSS 0.00037
Exploits 1 · References 3
Vulnrichment
added 2025/10/23 12:00 a.m. · 3 views

CVE-2025-56007

CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

AI score 6.4 · EPSS 0.00037
Exploits 1 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-26476

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.3 · EPSS 0.01466
Exploits 1 · References 4
Positive Technologies
added 2025/10/01 12:00 a.m. · 3 views

PT-2025-43520

Name of the Vulnerable Software and Affected Versions: KeeneticOS versions prior to 4.3 Description: A CRLF-injection flaw exists in KeeneticOS prior to version 4.3. This issue is present at the /auth API endpoint and could allow attackers to gain control of the device. Exploitation involves adding...

CVSS 7.8 · AI score 5.8 · EPSS 0.00037
Exploits 1 · References 10
CVE
added 2025/09/03 1:34 a.m. · 17 views

CVE-2025-58163

CVE-2025-58163 describes a deserialization of untrusted data vulnerability in FreeScout (PHP Laravel). Versions 1.8.185 and earlier are affected, enabling authenticated attackers (with knowledge of the APP_KEY) to achieve remote code execution. The flaw is present in an endpoint such as /help/{ma...

CVSS 8.8 · AI score 7.7 · EPSS 0.01466
Exploits 1 · References 3 · Affected Software 1
Huntr
added 2025/08/27 12:00 a.m. · 6 views

Account takeover due to missing OAuth audience verification in Google sign-in

Description The web application integrates Google OAuth for user authentication. Upon successful Google sign-in and user consent, the application receives a token from Google. This token is used by the web application to fetch user profile information such as email and name and complete the login...

CVSS 9.3 · AI score 6 · EPSS 0.00088
Exploits 2
CVE
added 2025/08/14 12:00 a.m. · 10 views

CVE-2025-27847

CVE-2025-27847 affects ESPEC North America Web Controller 3 (prior to 3.3.8). The issue is that user session privileges are not revoked on logout via the /api/v4/auth/ endpoint, which can allow continued access after logout. CVSS v3.1 metrics indicate a Medium impact with Privileges Required: Non...

CVSS 4.3 · AI score 7.2 · EPSS 0.00031
Exploits 0 · References 2
CVE
added 2024/11/12 12:00 a.m. · 49 views

CVE-2023-52268

CVE-2023-52268 affects the FreeScout End-User Portal module pre-1.0.65. The root cause is improper session token handling at the /auth endpoint, enabling an attacker to authenticate as arbitrary users and impersonate them to access their tickets. Impact is high confidentiality/integrity loss with...

CVSS 9.1 · AI score 7 · EPSS 0.00881
Exploits 1 · References 3
Positive Technologies
added 2024/10/12 12:00 a.m. · 3 views

PT-2024-14501 · Unknown · Freescout End-User Portal

Name of the Vulnerable Software and Affected Versions: FreeScout End-User Portal module versions prior to 1.0.65 Description: The issue allows an attacker to authenticate as an arbitrary user because a session token can be sent to the "/auth" endpoint. Recommendations: For versions prior to 1.0.6...

CVSS 9.1 · AI score 7 · EPSS 0.00881
Exploits 1 · References 8
Positive Technologies
added 2024/07/30 12:00 a.m. · 4 views

PT-2024-5665 · Tenda · Tenda I22

Name of the Vulnerable Software and Affected Versions: Tenda i22 version 1.0.0.34687 Description: The issue is related to a buffer overflow in the formApPortalWebAuth function due to lack of input size validation. This can be exploited by a remote attacker to impact the confidentiality, integrity...

CVSS 9.8 · AI score 8.9 · EPSS 0.00312
Exploits 1 · References 7
Positive Technologies
added 2024/06/06 12:00 a.m. · 1 view

PT-2024-35711 · Unknown · Lunary-Ai/Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary affected versions not specified Description: A Server-Side Request Forgery SSRF vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint "/auth/saml/tto/download-idp-xml". The vulnerability...

CVSS 9.3 · AI score 8.5 · EPSS 0.00269
Exploits 1 · References 6
Positive Technologies
added 2023/12/25 12:00 a.m. · 1 view

PT-2023-26359 · Opennds +1 · Opennds +1

Name of the Vulnerable Software and Affected Versions: OpenNDS versions prior to 4.17.0.12 Description: The issue allows remote attackers to cause a denial of service through a GET request to "/opennds auth/" that lacks a custom query string parameter and client-token, resulting in a NULL pointer...

CVSS 7.5 · AI score 7.5 · EPSS 0.00053
Exploits 0 · References 15
CVE
added 2023/02/02 2:12 p.m. · 410 views

CVE-2022-1970

CVE-2022-1970 entry is rejected/not used and does not represent an active vulnerability.

AI score 6.2
Exploits 0
Prion
added 2022/10/19 6:15 p.m. · 17 views

Open redirect

Keycloak 18.0.0: open redirect in auth endpoint via the redirecturi parameter...

CVSS 5.8 · AI score 6.2
Exploits 0 · References 2 · Affected Software 1