28 matches found

CVE
added 2025/10/27 2:39 p.m. | 7 views

CVE-2025-26862

CVE-2025-26862 affects Ping Identity PingFederate’s HTML Form Adapter when operating in non-default redirectless mode, where it can render authentication forms unexpectedly. This behavior may enable brute-force login attempts. The issue is described consistently across multiple sources (NVD, Red ...

AI score: 6.6 | EPSS: 0.00042
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/27 12:0 a.m. | 1 view

PT-2025-43964

Name of the Vulnerable Software and Affected Versions PingFederate affected versions not specified Description A configuration issue in PingFederate’s HTML Form Adapter, specifically when operating in non-default redirectless mode, can lead to unexpected authentication form rendering. This allows...

AI score: 6.5 | EPSS: 0.00042
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2012-5390

Malware in sbrugna...

CVSS: 4 | AI score: 6.4 | EPSS: 0.00172
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2010-4257

Malware in sbrugna...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.02887
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 12:29 p.m. | 5 views

CVE-2010-4284

SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server DMS before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS: 7.5 | AI score: 9 | EPSS: 0.02887
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:38 a.m. | 3 views

CVE-2019-16264

In Escuela de Gestion Publica Plurinacional EGPP Sistema Integrado de Gestion Academica GESAC v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.00328
Exploits: 1 | References: 1

Vulnrichment
added 2024/07/25 4:0 p.m. | 12 views

CVE-2024-7101 ForIP Tecnologia Administração PABX Authentication Form login sql injection

A vulnerability, which was classified as critical, has been found in ForIP Tecnologia Administração PABX 1.x. This issue affects some unknown processing of the file /login of the component Authentication Form. The manipulation of the argument usuario leads to sql injection. The attack may be...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00208
Exploits: 0 | References: 3

Cvelist
added 2024/04/25 3:58 p.m. | 19 views

CVE-2023-6484 Keycloak: log injection during webauthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00596
Exploits: 0 | References: 15

RedHat Linux
added 2024/04/16 7:55 p.m. | 0 views

keycloak: Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00596
Exploits: 0 | References: 4

RedHat Linux
added 2024/02/13 5:7 p.m. | 0 views

keycloak: Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00596
Exploits: 0 | References: 4

OSV
added 2024/02/01 6:15 p.m. | 0 views

UBUNTU-CVE-2023-51446

GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.00568
Exploits: 0 | References: 5

CNNVD
added 2024/02/01 12:0 a.m. | 1 view

GLPI Injection Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS: 8.1 | AI score: 7.4 | EPSS: 0.00568
Exploits: 0 | References: 4

CNNVD
added 2023/12/04 12:0 a.m. | 1 view

Red Hat Keycloak Security Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak version 22.0.5, which stems from a log injection issue that could allow an attacker to inje...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.00596
Exploits: 0 | References: 3

NVD
added 2023/08/25 4:15 p.m. | 12 views

CVE-2020-11711

An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possibl...

CVSS: 4.8 | AI score: 5 | EPSS: 0.00487
Exploits: 0 | References: 3

Prion
added 2023/08/25 4:15 p.m. | 12 views

Authentication flaw

An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possibl...

CVSS: 4.3 | AI score: 5 | EPSS: 0.00487
Exploits: 0 | References: 3 | Affected Software: 1

SUSE CVE
added 2023/02/15 4:30 a.m. | 1 view

SUSE CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed method, as demonstrated by discovering whether a user account is inactive...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00438
Exploits: 0 | References: 4

OSV
added 2019/09/16 1:15 p.m. | 0 views

CVE-2019-16264

In Escuela de Gestion Publica Plurinacional EGPP Sistema Integrado de Gestion Academica GESAC v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00328
Exploits: 1 | References: 1

Cvelist
added 2019/09/16 12:4 p.m. | 9 views

CVE-2019-16264

In Escuela de Gestion Publica Plurinacional EGPP Sistema Integrado de Gestion Academica GESAC v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database...

AI score: 9.8 | EPSS: 0.00328
Exploits: 1 | References: 1

RedHat Linux
added 2018/10/16 5:38 p.m. | 0 views

django: Information leakage in AuthenticationForm

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed method, as demonstrated by discovering whether a user account is inactive...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00438
Exploits: 0 | References: 5

OSV
added 2018/10/03 9:13 p.m. | 0 views

GHSA-RF4J-J272-FJ86 Django vulnerable to information leakage in AuthenticationForm

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed method, as demonstrated by discovering whether a user account is inactive...

CVSS: 8.7 | AI score: 6.8 | EPSS: 0.00438
Exploits: 0 | References: 9