101 matches found
CVE-2023-29020
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF Cross-Site Request Forger protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...
CVE-2022-40267
Predictable Seed in Pseudo-Random Number Generator PRNG vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z...
CVE-2025-0915
CVE-2025-0915 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) 11.5.0–11.5.9 and 12.1.0–12.1.1 under specific configurations, allowing an authenticated user to cause a denial of service by releasing memory resources insufficiently. IBM Security Bulletin for Db2 federated...
The vulnerability of Fortinet FortiOS operating systems stems from authentication mechanism flaws, which allow attackers to gain access to device configuration details and bypass existing security measures.
The vulnerability of Fortinet FortiOS operating systems is related to deficiencies in authentication mechanisms. Exploiting this vulnerability allows a malicious actor to gain access to device configuration information and bypass existing security measures...
CVE-2025-1664 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-38426
CVE-2024-38426 involves Qualcomm chipsets with a vulnerability in the UE authentication processing that can lead to information disclosure. The issue is described as improper authentication during the authentication message handling, affecting Qualcomm modem/closed-source components and potential...
The vulnerabilities of the "Population Cancer Registry" and "Hospital Cancer Registry" software allow attackers to carry out attacks using brute-force methods.
The vulnerabilities of the “Population Cancer Registry” and “Hospital Cancer Registry” software are related to insufficient restrictions on authentication attempts. Exploiting these vulnerabilities allows a remote attacker to carry out an attack using brute-force methods...
Security Bulletin: IBM Storage Protect Server is susceptible to multiple authentication related vulnerabilities due to coreDNS (CVE-2022-2837, CVE-2022-2835, CVE-2024-0874).
Summary The IBM Storage Protect Server is susceptible to authentication-related vulnerabilities linked to coreDNS. These vulnerabilities may allow authenticated attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2022-2837 DESCRIPTION: coreDNS could allow a remote...
CVE-2024-12111 Potential LDAP injection vulnerability in OpenText Privileged Access Manager
In a specific scenario a LDAP user can abuse the authentication process using injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.34.4; 24.34.5...
php:7.4 security update
libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php 7.4.33-2 - fix low/moderate CVEs RHEL-66589 - Fix cgi.forceredirect configuration is bypassable due to the environment variable collision CVE-2024-8927 - Fix Logs from childrens may be altered CVE-2024-9026 - Fix Erroneous parsing of...
MC LR Router and GoCast unpatched vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the exploitation of these...
Cross-Site WebSocket Hijacking
HTML5 WebSockets allow developers to create bi-directionnal communication channels between clients usually web browsers and servers. To initialize the communication, the WebSocket protocol requires a handshake performed with the HTTP protocol to ugprade the communication. When a web application...
gitea -- multiple vulnerabilities
Problem Description: Fix basic auth with webauthn Refactor internal routers partial backport, auth token const time comparing...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source and Adobe Commerce lies in the lack of authentication procedures, which allow attackers to increase their privileges.
The vulnerability of software platforms for developing and managing Magento Open Source and Adobe Commerce online stores is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...
PT-2025-14098
Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 5.0.31 MongoDB Server versions prior to 6.0.20 MongoDB Server versions prior to 7.0.16 MongoDB Server versions prior to 8.0.4 Description A MongoDB server running on Linux with TLS and CRL revocation status...
CVE-2023-33759
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack...
PT-2023-29258 · Unknown · Leave Management System Project
Name of the Vulnerable Software and Affected Versions: Leave Management System Project version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the setcasualleave parameter of the "admin/setleaves.php" resource does not validate the character...
CVE-2022-41590
Some smartphones have authentication-related including session management vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability...
CVE-2022-41590
Some smartphones have authentication-related including session management vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability...
SUSE-SU-2022:2354-1 Security update for freerdp
This update for freerdp fixes the following issues: - CVE-2022-24882: Fixed incorrect check parameters in NTLM bsc1198919. - CVE-2022-24883: Fixed authentication against invalid SAM files bsc1198921...