EUVD-2025-203314

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is...

PYSEC-2025-135

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...

EUVD-2012-5903

Malware in sbrugna...

CVE-2025-46409

Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier. If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker...

CVE-2025-6386

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

CVE-2025-5446 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkCredentialsByBBS os command injection

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RPcheckCredentialsByBBS of the file /goform/RPcheckCredentialsByBBS. The manipulation of th...

CVE-2024-42543

TOTOLINK A3700R v9.1.2u.5822B20200513 has a buffer overflow vulnerability in the httphost parameter in the loginauth function...

CVE-2023-38908

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function...

CVE-2022-44260

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function...

CVE-2025-44898

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the webaaaloginAuthlistEdit function...

CVE-2025-1863 Insecure default settings for recorder products

Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related ...

PT-2025-17258 · Yokogawa Electric · Fx1000 +12

Name of the Vulnerable Software and Affected Versions: Yokogawa Electric Corporation GX10 / GX20 / GP10 / GP20 Paperless Recorders versions R5.04.01 or earlier Yokogawa Electric Corporation GM Data Acquisition System versions R5.05.01 or earlier Yokogawa Electric Corporation DX1000 / DX2000 /...

SUSE-SU-2025:20231-1 Security update for pam_u2f

This update for pamu2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAMIGNORE return values in pamsmauthenticatebsc1233517...

CVE-2024-28405

SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMSFuntion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges...

CVE-2023-47463

Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...

GL.iNet AX1800 Security Vulnerability

The GL.iNet AX1800 is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet AX1800 that stems from a vulnerability that allows an attacker to execute arbitrary code with the specially crafted GLnassys authentication function...

CVE-2023-47463

Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the glnassys authentication function...

PT-2023-30460 · Gl.Inet · Gl-Inet Ax1800

Name of the Vulnerable Software and Affected Versions: GL.iNet AX1800 versions 4.0.0 through 4.4.x Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the gl nas sys authentication function. This enables the attacker to potentially gain unauthorized...

CVE-2023-41346

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the syst...

CVE-2023-38908

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function...