147 matches found
PT-2026-1871
Name of the Vulnerable Software and Affected Versions GL.Inet AX1800 versions 4.6.4 through 4.6.8 Description The LuCI web interface on GL.Inet AX1800 devices lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. This allows an unauthenticated attacker on...
CVE-2025-15106
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...
EUVD-2025-205474
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...
CVE-2025-15106
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...
CVE-2025-15106 getmaxun Authentication Endpoint auth.ts router.get improper authorization
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...
CVE-2025-15106 getmaxun Authentication Endpoint auth.ts router.get improper authorization
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...
CVE-2025-15106
The CVE-2025-15106 vulnerability affects the getmaxun project’s Authentication Endpoint, specifically the router.get in file server/src/routes/auth.ts. The underlying issue is improper authorization caused by manipulation of router.get, with remote exploit potential and a publicly available explo...
PT-2025-53618
Name of the Vulnerable Software and Affected Versions getmaxun versions prior to 0.0.28 Description A weakness exists in the Authentication Endpoint component of getmaxun. Specifically, the router.get function within the server/src/routes/auth.ts file is susceptible to improper authorization due ...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the \authentication\ file. An attacker can inject and execute arbitrary scripts by submitting crafted input to the affected endpoint. Details Cross-site scripting or XSS is a code vulnerability that occurs...
Exploit for CVE-2025-65899
CVE-2025-65899: Kalmia CMS v0.2.0 - is vulnerable to Observab...
WSO2多款产品 安全漏洞
WSO2 API Manager is an API lifecycle management solution, WSO2 Identity Server IS is an identity server, and WSO2 API Control Plane is a control panel. A security vulnerability exists in several WSO2 products that stems from a lack of output encoding on the authentication endpoint, which could le...
CVE-2025-62712
JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint...
CVE-2025-56007
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
CVE-2025-56007
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
KeeneticOS 安全漏洞
KeeneticOS is an operating system from the German company Keenetic. A security vulnerability exists in KeeneticOS versions prior to 4.3, which stems from the presence of CRLF injection in the /auth API endpoint, which could lead to an attacker taking over the device by adding additional users wit...
CVE-2025-56007
KeeneticOS prior to 4.3 is affected by a CRLF injection at the /auth API endpoint. The vulnerability allows an attacker to add new users with full permissions and take over the device, by tricking a victim into opening a page containing the exploit. Affected component is the /auth endpoint within...
EUVD-2023-59043
Malicious code in bioql PyPI...
EUVD-2024-54601
Malicious code in bioql PyPI...
EUVD-2025-24834
Malicious code in bioql PyPI...
CVE-2025-57815
CVE-2025-57815 (Fides) describes a lack of anti-automation protections on the Admin UI login endpoint prior to version 2.69.1, enabling brute-force style credential testing (credential stuffing/password spraying) against accounts with weak or compromised passwords. Affected product: Fides (Open S...