19 matches found
CVE-2021-41130
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use ...
EUVD-2024-2366
Malicious code in bioql PyPI...
EUVD-2023-2404
Malicious code in bioql PyPI...
CVE-2025-54786 SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting calendar...
CVE-2025-6037
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/certcertificate). In this configuration, an attacker may be able to...
PT-2025-28157 · Parisneo · Lollms
Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 20.1 Description: The issue arises from a timing attack vulnerability in the authenticate user function within the lollms authentication.py file. This vulnerability allows attackers to enumerate valid usernam...
CVE-2025-49006
Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation affecting only Keycloak with a specific config. Wasp currently lowercases OAuth user IDs before...
The vulnerability of the org.xwiki.platform:xwiki-platform-security-authentication-ui component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows an attacker to gain unauthorized access to protected information.
The vulnerability of the “org.xwiki.platform:xwiki-platform-security-authentication-ui” component of the XWiki Platform involves the absence of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
CVE-2025-46573
passport-wsfed-saml2 versions 3.0.5–4.6.3 are vulnerable to impersonation during SAML authentication by tampering with a valid SAML response (adding attributes). The vulnerability occurs when the SP uses passport-wsfed-saml2 and a valid SAML Response signed by the IdP is obtainable. Version 4.6.4...
KRB5 Authorization
This script allows users to enter the information required to authorize and login via KRB5. These data are used by tests that require authentication. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respectiv...
CVE-2022-30359
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with all registered users, including user ID, status, email address, roles, user type, license type,...
SUSE CVE-2014-0979
The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username...
op5 Monitoring 5.4.2 - (VM Appliance) Multiple Vulnerabilities
No description provided by source. Author: loneferret of Offensive Security Product: op5 Monitoring VM appliance Version: 5.4.2 Vendor Site: http://www.op5.com/ Software Download: http://www.op5.com/get-op5-monitor/get-started/ Software Description: op5 is a market leading developer of Open Sourc...
CVE-2014-0979
The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username...
DEBIAN-CVE-2014-0979
The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username...
informix-tables NSE Script
Retrieves a list of tables and column definitions for each database on an Informix server. Script Arguments informix-tables.username The username used for authentication informix-tables.password The password used for authentication Version 0.1 Created 27/07/2010 - v0.1 - created by Patrik Karlsso...
DSECRG-08-014.txt
Digital Security Research Group DSecRG Advisory DSECRG-08-014 Application: PowerNews Newsscript Versions Affected: 2.5.6 Vendor URL: http://www.powerscripts.org/ Bug: Multiple Local File Include Exploits: YES Reported: 01.02.2008 Vendor Response: none Solution: none Date of Public Advisory:...
MDKA-2005:048 : mdkonline
Updated mdkonline packages are now available that change the name of the main binary from MandrakeUpdate to MandrivaUpdate due to Mandriva's name change. As well, this update provides fixes for the account creation and authentication based on obsolete architectures versions prior to 2006.0. The user...
CVE-2002-0303
GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password...