
371 matches found

CVE
added 2025/03/06 11:11 a.m. · 74 views

CVE-2025-1666

CVE-2025-1666 refers to the WordPress cookie banner plugin Cookiebot CMP by Usercentrics. The Red Hat entry and Wordfence coverage confirm a vulnerability caused by a missing capability check in send_uninstall_survey() affecting all versions up to 4.4.1, allowing authenticated attackers with Subs...

CVSS 4.3 · AI score 6.7 · EPSS 0.00319
Exploits 0 · References 3
SUSE Linux
added 2025/03/05 2:55 p.m. · 1 view

Security update for pam_u2f

This update for pam_u2f fixes the following issues: CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate (bsc#1233517). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...

CVSS 7.8 · AI score 7.3 · EPSS 0.00397
Exploits 0 · References 4
Tenable Nessus
added 2025/03/04 12:00 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2013-2503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for...

CVSS 5.8 · AI score 7.2 · EPSS 0.04632
Exploits 2 · References 2
SUSE Linux
added 2025/01/21 10:10 a.m. · 1 view

Security update for pam_u2f

This update for pam_u2f fixes the following issues: CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate (bsc#1233517). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...

CVSS 7.8 · AI score 7.3 · EPSS 0.00397
Exploits 0 · References 6
OSV
added 2025/01/19 4:15 a.m. · 2 views

CVE-2025-0564

A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The explo...

CVSS 9.8 · AI score 5.8 · EPSS 0.00677
Exploits 1 · References 5
CNNVD
added 2025/01/19 12:00 a.m. · 4 views

Code-Projects Fantasy-Cricket Injection Vulnerability

Code-Projects Fantasy-Cricket is a Code-Projects open source system. An injection vulnerability exists in Code-Projects Fantasy-Cricket version 1.0, which stems from the parameter uname in the file /authenticate.php that can cause SQL injection...

CVSS 9.8 · AI score 7.9 · EPSS 0.00677
Exploits 1 · References 6
OSV
added 2024/12/13 5:15 a.m. · 2 views

DEBIAN-CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 · AI score 7 · EPSS 0.00547
Exploits 0 · References 1
OSV
added 2024/12/13 5:15 a.m. · 0 views

UBUNTU-CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 · AI score 5.8 · EPSS 0.00547
Exploits 0 · References 8
Patchstack
added 2024/12/12 12:25 a.m. · 4 views

WordPress Sign In With Google plugin <= 1.8.0 - Authentication Bypass in authenticate_user vulnerability

Authentication Bypass in authenticate_user vulnerability discovered by shaman0x01 in WordPress Plugin Sign In With Google versions <= 1.8.0...

CVSS 9.8 · AI score 7 · EPSS 0.00769
Exploits 0 · References 1 · Affected Software 1
Packet Storm
added 2024/10/03 12:00 a.m. · 351 views

ViciDial 2.0.5 Cross Site Request Forgery

Title: ViciDial Call Center - astguiclient - thirtieth public release 2.0.5 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: windows ...

AI score 7.4
Exploits 0
Packet Storm
added 2024/09/01 12:00 a.m. · 413 views

Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Scanner

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule ... "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Scanner", 'Description' => %q{ This module scans for HTTP servers that appear to be...

CVSS 10 · AI score 7 · EPSS 0.63498
Exploits 12
OSV
added 2024/08/12 1:38 p.m. · 1 view

CVE-2024-7636

A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file authenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attac...

CVSS 9.8 · AI score 5.7
Exploits 0 · References 4
OSV
added 2024/07/11 3:02 a.m. · 7 views

MAL-2024-7643 Malicious code in sap-authenticate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4011b4682df361885068a85fb964ef88af5e0fd77d05306416b10e10c5cb9b6e The OpenSSF Package Analysis project identified 'sap-authenticate' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits 0
OSSF Malicious Packages
added 2024/07/11 3:02 a.m. · 4 views

Malicious code in sap-authenticate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4011b4682df361885068a85fb964ef88af5e0fd77d05306416b10e10c5cb9b6e The OpenSSF Package Analysis project identified 'sap-authenticate' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits 0
OSV
added 2024/07/10 6:33 a.m. · 2 views

GHSA-X7Q2-WR7G-XQMF Django vulnerable to user enumeration attack

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

CVSS 6.9 · AI score 5.9 · EPSS 0.00889
Exploits 0 · References 9
CVE
added 2024/06/24 7:11 a.m. · 95 views

CVE-2024-24554

Bludit (CMS) is affected by CVE-2024-24554 due to using predictable methods with MD5 to generate sensitive tokens (API token, user token). The underlying issue is token generation, enabling authentication against the Bludit API. Documents do not provide concrete fixes or affected versions; at lea...

CVSS 8.2 · AI score 6.4 · EPSS 0.00242
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/06/23 12:00 a.m. · 5 views

PT-2024-6224

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.13; Django versions 5.0 through 5.0.6. Description: The issue allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. This is due to the...

CVSS 9.8 · AI score 8 · EPSS 0.87218
Exploits 30 · References 133
CVE
added 2024/06/12 8:51 a.m. · 59 views

CVE-2024-5203

CVE-2024-5203 is described in IBM’s bulletin as a cross-site request forgery in Keycloak used by IBM i Modernization Engine for Lifecycle Integration. It allows a remote authenticated attacker to exploit improper input validation to send a crafted request to /login-actions/authenticate, potential...

AI score 4.4
Exploits 0
Positive Technologies
added 2024/06/12 12:00 a.m. · 3 views

PT-2024-37226 · Quay · Quay

Name of the Vulnerable Software and Affected Versions: Quay, affected versions not specified. Description: A vulnerability was found in Quay, where an attacker can use an OAuth token to authenticate despite not having access to the organization from which the application was created, if they obtain...

CVSS 4.2 · AI score 7 · EPSS 0.00228
Exploits 0 · References 6
Tenable Nessus
added 2024/06/03 12:00 a.m. · 40 views

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616) - Apache Tomcat 5.5.0 through...

CVSS 7.5 · AI score 7.3 · EPSS 0.708
Exploits 10 · References 3