Lucene search
K

101 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:31 a.m.8 views

CVE-2023-29020

@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF Cross-Site Request Forger protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...

6.5CVSS7AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:39 a.m.13 views

CVE-2022-40267

Predictable Seed in Pseudo-Random Number Generator PRNG vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z...

9.1CVSS7.3AI score0.01182EPSS
Exploits0References1
CVE
CVE
added 2025/05/05 8:56 p.m.86 views

CVE-2025-0915

CVE-2025-0915 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) 11.5.0–11.5.9 and 12.1.0–12.1.1 under specific configurations, allowing an authenticated user to cause a denial of service by releasing memory resources insufficiently. IBM Security Bulletin for Db2 federated...

6.5CVSS6.7AI score0.00315EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/16 12:0 a.m.12 views

The vulnerability of Fortinet FortiOS operating systems stems from authentication mechanism flaws, which allow attackers to gain access to device configuration details and bypass existing security measures.

The vulnerability of Fortinet FortiOS operating systems is related to deficiencies in authentication mechanisms. Exploiting this vulnerability allows a malicious actor to gain access to device configuration information and bypass existing security measures...

10CVSS5.5AI score
Exploits0References1
Cvelist
Cvelist
added 2025/03/08 11:16 a.m.21 views

CVE-2025-1664 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00203EPSS
Exploits0References2
CVE
CVE
added 2025/03/03 10:7 a.m.63 views

CVE-2024-38426

CVE-2024-38426 involves Qualcomm chipsets with a vulnerability in the UE authentication processing that can lead to information disclosure. The issue is described as improper authentication during the authentication message handling, affecting Qualcomm modem/closed-source components and potential...

5.4CVSS6.9AI score0.00249EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/01/30 12:0 a.m.5 views

The vulnerabilities of the "Population Cancer Registry" and "Hospital Cancer Registry" software allow attackers to carry out attacks using brute-force methods.

The vulnerabilities of the “Population Cancer Registry” and “Hospital Cancer Registry” software are related to insufficient restrictions on authentication attempts. Exploiting these vulnerabilities allows a remote attacker to carry out an attack using brute-force methods...

9CVSS5.6AI score
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.28 views

Security Bulletin: IBM Storage Protect Server is susceptible to multiple authentication related vulnerabilities due to coreDNS (CVE-2022-2837, CVE-2022-2835, CVE-2024-0874).

Summary The IBM Storage Protect Server is susceptible to authentication-related vulnerabilities linked to coreDNS. These vulnerabilities may allow authenticated attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2022-2837 DESCRIPTION: coreDNS could allow a remote...

6.1CVSS6.4AI score0.0076EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2024/12/19 8:10 p.m.24 views

CVE-2024-12111 Potential LDAP injection vulnerability in OpenText Privileged Access Manager

In a specific scenario a LDAP user can abuse the authentication process using injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.34.4; 24.34.5...

8CVSS0.00359EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2024/12/12 12:0 a.m.42 views

php:7.4 security update

libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php 7.4.33-2 - fix low/moderate CVEs RHEL-66589 - Fix cgi.forceredirect configuration is bypassable due to the environment variable collision CVE-2024-8927 - Fix Logs from childrens may be altered CVE-2024-9026 - Fix Erroneous parsing of...

9.8CVSS7.4AI score0.49336EPSS
Exploits13
Talos Blog
Talos Blog
added 2024/12/09 7:30 p.m.31 views

MC LR Router and GoCast unpatched vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the exploitation of these...

9.8CVSS8AI score0.10514EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/11/20 12:0 a.m.10 views

Cross-Site WebSocket Hijacking

HTML5 WebSockets allow developers to create bi-directionnal communication channels between clients usually web browsers and servers. To initialize the communication, the WebSocket protocol requires a handshake performed with the HTTP protocol to ugprade the communication. When a web application...

7.4AI score
Exploits0References2
FreeBSD
FreeBSD
added 2024/11/16 12:0 a.m.7 views

gitea -- multiple vulnerabilities

Problem Description: Fix basic auth with webauthn Refactor internal routers partial backport, auth token const time comparing...

7.3AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/10/17 12:0 a.m.6 views

The vulnerability of software platforms for developing and managing online stores like Magento Open Source and Adobe Commerce lies in the lack of authentication procedures, which allow attackers to increase their privileges.

The vulnerability of software platforms for developing and managing Magento Open Source and Adobe Commerce online stores is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...

6.8CVSS5.4AI score0.00742EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.4 views

PT-2025-14098

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 5.0.31 MongoDB Server versions prior to 6.0.20 MongoDB Server versions prior to 7.0.16 MongoDB Server versions prior to 8.0.4 Description A MongoDB server running on Linux with TLS and CRL revocation status...

9.8CVSS6.6AI score0.00414EPSS
Exploits0References33
Vulnrichment
Vulnrichment
added 2024/01/25 12:0 a.m.11 views

CVE-2023-33759

SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack...

7.4AI score0.00799EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.4 views

PT-2023-29258 · Unknown · Leave Management System Project

Name of the Vulnerable Software and Affected Versions: Leave Management System Project version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the setcasualleave parameter of the "admin/setleaves.php" resource does not validate the character...

8.8CVSS9.1AI score0.00647EPSS
Exploits1References5
OSV
OSV
added 2022/12/20 9:15 p.m.7 views

CVE-2022-41590

Some smartphones have authentication-related including session management vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/12/20 12:0 a.m.7 views

CVE-2022-41590

Some smartphones have authentication-related including session management vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability...

5.7AI score0.00125EPSS
Exploits0References1
OSV
OSV
added 2022/07/11 10:21 a.m.9 views

SUSE-SU-2022:2354-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2022-24882: Fixed incorrect check parameters in NTLM bsc1198919. - CVE-2022-24883: Fixed authentication against invalid SAM files bsc1198921...

9.8CVSS9.6AI score0.02674EPSS
Exploits1References5
Rows per page
Query Builder