407 matches found
EUVD-2026-8630
The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...
Linksys MR9600 安全漏洞
The Linksys MR9600 is a wireless router produced by the American company Linksys. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities. These vulnerabilities stem from the lack of authentication, which may lead to the disclosure o...
host-based-vulnerability-assessments
Host-Based Vulnerability Assessments Overview This reposi...
EUVD-2025-206352
Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in the Dormakaba Access Manager, which stems from authentication based on the source IP address, potentially allowing IP address spoofing attacks to occur...
CVE-2025-9290
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...
CVE-2025-9290 Authentication Weakness on Omada Controllers, Gateways and Access Points
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...
CVE-2025-9290
CVE-2025-9290 describes an authentication weakness in Omada Controllers, Gateways, and Access Points related to improper handling of random values during controller-device adoption. The vulnerability could allow an attacker with adjacent network access to intercept adoption traffic and forge vali...
PT-2026-4304
Name of the Vulnerable Software and Affected Versions Omada Controllers, Gateways and Access Points affected versions not specified Description An authentication weakness exists in Omada Controllers, Gateways, and Access Points related to controller-device adoption. This is due to improper handli...
CVE-2021-47801
Vianeos OctoPUS 5 is affected by a time-based blind SQL injection in the login_user parameter during authentication requests. The vulnerability allows crafted POST requests with SQL payloads that trigger database sleep functions to extract information. Root cause is a time-based blind SQLi flaw i...
CVE-2021-41638
The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username...
CVE-2025-15105 getmaxun auth.ts hard-coded key
A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...
PT-2025-52522
Name of the Vulnerable Software and Affected Versions Ever Gauzy version 0.281.9 Description The software contains a JWT authentication issue due to a weak HMAC secret key implementation. This allows attackers to exploit the exposed JWT token to authenticate and gain unauthorized access,...
PT-2025-49765
The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...
Splunk Cloud Platform和Splunk Enterprise 安全漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk Clou...
Siemens Industrial Edge Devices Weak Authentication (CVE-2024-54092)
Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federati...
WordPress Plugin Captcha.eu Server-Side Request Forgery Attack Vulnerability
WordPress Plugin Captcha.eu is a CAPTCHA plugin for the WordPress platform, which is mainly used to prevent bots from attacking and is also compliant with GDPR General Data Protection Regulation. WordPress Plugin Captcha.eu suffers from a server-side request forgery attack vulnerability that stem...
CVE-2025-62774
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...
The vulnerability of Moxa network device software of the EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108, and OnCell G4302-LTE4 series is related to deficiencies in authentication mechanisms. This allows unauthorized individuals to gain access to protected information.
The vulnerability of Moxa network devices with microprogrammed software, such as EDR-G9010, EDR-8010, EDG-G1002-BP, TN-4900, NAT-102, NAT-108, and OnCell G4302-LTE4, is related to deficiencies in authentication mechanisms. Exploiting this vulnerability can allow unauthorized actors to gain...
CVE-2025-62650
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...