155 matches found
PYSEC-2026-100
NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information...
📄 Patients Waiting Area Queue Management System 1.0 SQL Injection
Patients Waiting Area Queue Management System version 1.0 is vulnerable to SQL injection due to improper sanitization on the appointmentID parameter. Authentication bypass and full database dump are possible. The application also appears to have a hardcoded JWT key, suffers from a username...
CVE-2026-1554
XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
CVE-2026-1554
XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
CVE-2026-1554 Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007
XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
EUVD-2026-5352
XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
CVE-2026-1554
CVE-2026-1554 is an XML Injection (Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server. The issue affects CAS Server on Drupal and is triggered by insufficient sanitization of XML data used as CAS attributes, enabling privilege escalation. Public details indi...
CVE-2026-1554
XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
Drupal Central Authentication System Server 安全漏洞
The Drupal Central Authentication System Server is a CAS authentication center module developed by the Drupal company. Versions prior to 2.0.3 and 2.1.2 of the Drupal Central Authentication System Server had security vulnerabilities. These vulnerabilities were caused by XML injection, which could...
DRUPAL-CONTRIB-2026-007
This module enables you to turn a Drupal install into the Central Authentication System CAS. It makes your database the primary location for other systems to use for authentication in a SSO environment. The module doesn't sufficiently sanitize user-supplied field values configured to be included ...
PT-2026-5243
Name of the Vulnerable Software and Affected Versions Drupal Central Authentication System CAS Server versions prior to 2.0.3 Drupal Central Authentication System CAS Server versions 2.1.0 through 2.1.1 Description The Central Authentication System CAS Server module for Drupal does not adequately...
Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007
This module enables you to turn a Drupal install into the Central Authentication System CAS. It makes your database the primary location for other systems to use for authentication in a SSO environment. The module doesn't sufficiently sanitize user-supplied field values configured to be included ...
CVE-2025-53968 EVMAPA Improper Restriction of Excessive Authentication Attempts
This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service DoS condition. This can overwhelm the authentication system,...
CVE-2024-39340
The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...
EUVD-2021-0800
Malware in sbrugna...
EUVD-2011-4719
Malware in sbrugna...
EUVD-2020-29671
Malware in sbrugna...
EUVD-2023-53984
Malicious code in bioql PyPI...
EUVD-2024-2888
Malicious code in bioql PyPI...
EUVD-2025-21385
Malicious code in bioql PyPI...