510 matches found
CVE-2025-67038
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...
CVE-2026-30653
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the HandleAuthenticationFailure function of the AMF component. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Details Denial of Service DoS describes a...
EUVD-2026-14889
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...
CVE-2026-30653
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.0 contain security vulnerabilities, which stem from issues with the HandleAuthenticationFailure function in the AMF component. These vulnerabilities may lead to denial-of-service...
PT-2026-27438
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...
CVE-2026-30653
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...
CVE-2026-30653
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...
CVE-2026-30653
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...
PT-2026-31699
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 9.0.83 through 9.0.115 Apache Tomcat versions 10.1.0-M7 through 10.1.52 Apache Tomcat versions 11.0.0-M1 through 11.0.18 Apache Tomcat Native versions 1.1.23 through 1.1.34 Apache Tomcat Native versions 1.2.0 through...
CVE-2026-32596
CVE-2026-32596 describes an information-disclosure in Glances prior to 4.5.2, where starting the web server with the default command (glances -w) runs without authentication and exposes a REST API over the network. This allows remote attackers to access sensitive system information, including ful...
UBUNTU-CVE-2026-4271
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
CVE-2026-4208
The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider...
CVE-2025-52638
HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configuratio...
CVE-2026-32269
Parse Server vulnerability CVE-2026-32269 affects deployments using the OAuth2 adapter with both appidField and appIds configured. The issue stems from incorrect validation of app IDs where a malformed value is sent to the token introspection endpoint instead of the user’s actual access token, po...
EUVD-2025-208587
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...
CVE-2025-67038
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...
Sylius has a XSS vulnerability in checkout login form
Impact A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is rendered into the DOM using innerHTML, allowing any...
GHSA-VGH8-C6FP-7GCG Sylius has a XSS vulnerability in checkout login form
Impact A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is rendered into the DOM using innerHTML, allowing any...