355 matches found
MAL-2025-3925 Malicious code in vue-gop-authenticate (npm)
Source: ghsa-malware b5f8092f5dd68ba9b719ca6f042e84c396704214bdaff421ce3f8b933fa7e302. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vue-gop-authenticate (npm)
Source: ghsa-malware b5f8092f5dd68ba9b719ca6f042e84c396704214bdaff421ce3f8b933fa7e302. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
libsoup code issue vulnerability
libsoup is a GNOME HTTP client/server library from the GNOME Project. A code issue vulnerability exists in libsoup, which stems from the fact that handling certain constructs of the WWW-Authenticate header may cause a client application to crash, potentially leading to a denial of service attack...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation Upgrade...
SUSE CVE-2025-37778
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that...
Exploit for CVE-2025-492030
CVE-2025-492030 Security Advisory: CVE-2025-492030 Overv...
CVE-2025-32359
In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...
CVE-2025-29928 authentik's deletion of sessions did not revoke sessions when using database session storage
authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...
CVE-2025-1666
CVE-2025-1666 refers to the WordPress cookie banner plugin Cookiebot CMP by Usercentrics. The Red Hat entry and Wordfence coverage confirm a vulnerability caused by a missing capability check in send_uninstall_survey() affecting all versions up to 4.4.1, allowing authenticated attackers with Subs...
Security update for pam_u2f
This update for pam_u2f fixes the following issues: CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate() (bsc#1233517). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...
Linux Distros Unpatched Vulnerability : CVE-2013-2503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for...
Security update for pam_u2f
This update for pam_u2f fixes the following issues: CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate() (bsc#1233517). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...
CVE-2025-0564
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The explo...
Code-Projects Fantasy-Cricket injection vulnerability
Code-Projects Fantasy-Cricket is a Code-Projects open source system. An injection vulnerability exists in Code-Projects Fantasy-Cricket version 1.0, which stems from the parameter uname in the file /authenticate.php that can cause SQL injection...
DEBIAN-CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
UBUNTU-CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
WordPress Sign In With Google plugin <= 1.8.0 - Authentication Bypass in authenticate_user vulnerability
Authentication Bypass in authenticate_user vulnerability discovered by shaman0x01 in WordPress Plugin Sign In With Google versions <= 1.8.0...
ViciDial 2.0.5 Cross Site Request Forgery
Title: ViciDial Call Center - astguiclient - thirtieth public release 2.0.5 CSRF Add ADmin Vulnerability | Author: indoushka | Tested on: windows ...
Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Scanner", 'Description' = %q This module scans for HTTP servers that appear to be...
CVE-2024-7636
A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file authenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attac...