
19 matches found

RedhatCVE
added 2026/02/27 12:41 a.m. · 3 views

CVE-2026-3192

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function authenticate of the file rpcserverbase.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...

8.1 CVSS · 4.8 AI score · 0.00277 EPSS
Exploits 1 · References 1

OSV
added 2026/02/25 5:25 p.m. · 1 view

CVE-2026-3192

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function authenticate of the file rpcserverbase.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...

8.1 CVSS · 5.1 AI score
Exploits 0 · References 3

Positive Technologies
added 2026/02/25 12:0 a.m. · 1 view

PT-2026-21945

Name of the Vulnerable Software and Affected Versions: Chia Blockchain version 2.1.0 Description: A security issue has been identified in Chia Blockchain that results in improper authentication. This is due to manipulation within the authenticate function located in the rpc server base.py file of t...

6.3 CVSS · 6 AI score · 0.00277 EPSS
Exploits 1 · References 6

CNNVD
added 2026/02/25 12:0 a.m. · 4 views

chia-blockchain authorization issue vulnerability

ChiaBlockchain is a Python library for Chia Network’s open-source project. Version 2.1.0 of ChiaBlockchain contains an authorization vulnerability. This vulnerability stems from improper authentication practices in the authenticate function within the rpcserverbase.py file of the component’s RPC...

8.1 CVSS · 6.2 AI score · 0.00277 EPSS
Exploits 1 · References 4

Snyk
added 2026/01/30 3:53 p.m. · 1 view

Information Exposure

Overview: @vendure/core is a modern, headless ecommerce framework. Affected versions of this package are vulnerable to Information Exposure via the authenticate function. An attacker can determine valid usernames by measuring response times during authentication attempts. Remediation: Upgrade...

6.9 CVSS · 5.5 AI score · 0.00021 EPSS
Exploits 1 · References 2

EUVD
added 2025/11/13 3:23 a.m. · 1 view

EUVD-2025-180217

Malicious code in authenticate-function-scale-cloud-socket npm...

6.6 AI score
Exploits 0

VulnCheck KEV
added 2024/05/16 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2024-4351

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8 CVSS · 5.8 AI score · 0.31036 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/05/15 12:0 a.m. · 3 views

PT-2024-30595 · WordPress · Tutor Lms Pro

Name of the Vulnerable Software and Affected Versions: Tutor LMS Pro plugin for WordPress versions up to, and including, 2.7.0 Description: The issue allows for unauthorized access, modification, and loss of data due to a missing capability check on the authenticate function. This enables...

9 CVSS · 7 AI score · 0.31036 EPSS
Exploits 0 · References 10

NVD
added 2023/06/06 8:15 p.m. · 12 views

CVE-2023-34409

In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...

9.8 CVSS · 9.4 AI score · 0.02033 EPSS
Exploits 0 · References 1

Veracode
added 2023/05/24 4:8 a.m. · 46 views

Timing Attack

github.com/ginuerzh/gost is vulnerable to Timing Attacks. The vulnerability exists because the Authenticate function of auth.go does not properly compare sensitive secrets such as passwords, tokens and API keys using constant-time comparison, which allows an attacker to guess a secret by observin...

5.9 CVSS · 6.7 AI score · 0.00404 EPSS
Exploits 1 · References 3 · Affected Software 1

SUSE CVE
added 2023/02/15 4:5 a.m. · 1 view

SUSE CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

7.5 CVSS · 8.5 AI score · 0.93745 EPSS
Exploits 3 · References 6

Saint
added 2011/12/27 12:0 a.m. · 27 views

Traq authenticate function remote code execution

Added: 12/27/2011 BID: 50961 OSVDB: 77556 Background: Traq is a PHP5+ and MySQL4+ based Project Tracking system with the ability to host multiple projects. Problem: The flaw is caused due to admin rights not properly being restricted in the "authenticate" function in admincp/common.php. This can be...

7.8 AI score
Exploits 0

seebug.org
added 2011/12/09 12:0 a.m. · 24 views

Traq 'authenticate()' function remote code execution vulnerability

Bugtraq ID: 50961. Traq is a PHP/MySQL-based project management application. The authenticate function defined in /admincp/common.php contains an error: 27. function authenticate 28. 29. global $user; 30. 31. if!$user-group'isadmin' 32. header"Location: login.php"; 33...

6.9 AI score
Exploits 0

UbuntuCve
added 2010/08/20 8:0 p.m. · 12 views

CVE-2010-2944

The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges...

7.5 CVSS · 5.9 AI score · 0.00539 EPSS
Exploits 0 · References 1

Cvelist
added 2010/08/20 7:0 p.m. · 10 views

CVE-2010-2944

The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges...

6.9 AI score · 0.00539 EPSS
Exploits 0 · References 4

Packet Storm
added 2010/04/03 12:0 a.m. · 27 views

IncrediMail 2.0 Buffer Overflow

IncrediMail 2.0 activeX Authenticate bof poc by d3b4g Tested: incerdiMail 2.0 Vendor url:http://www.incredimail.com/english/splash.aspx Tested on windows XP SP3 1-03-2010 Debugging info -------------- Exception Code: ACCESSVIOLATION Disasm: 678914AE MOV EDX,ECX ImSpoolU.dll Seh Chain:...

0.7 AI score
Exploits 0

Tenable Nessus
added 2005/11/10 12:0 a.m. · 58 views

MailWatch authenticate() Function SQL Injection

The remote host appears to be running MailWatch, a web-based frontend to MailScanner written in PHP. The version of MailWatch installed on the remote host fails to sanitize the username and password before using them in database queries in the 'authenticate' function of 'functions.php'. This issu...

7.5 CVSS · 5.9 AI score · 0.00816 EPSS
Exploits 0 · References 1

NVD
added 2005/11/02 11:2 p.m. · 11 views

CVE-2005-3470

SQL injection vulnerability in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands...

7.5 CVSS · 8.2 AI score · 0.00816 EPSS
Exploits 0 · References 6

CVE
added 2005/08/16 4:0 a.m. · 38 views

CVE-2004-2388

The vulnerability CVE-2004-2388 affects the AIX 4.3.3 rexecd component. It stems from not properly using a local copy of the pwd structure when calling getpwnam, allowing the authenticate function to overwrite the pwd data and potentially assign privileges to the wrong user. This creates a privil...

10 CVSS · 6.8 AI score · 0.01008 EPSS
Exploits 1 · References 6 · Affected Software 1