CVE-2024-47053

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...

CVE-2024-47053 Improper Authorization in Reporting API

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...

CVE-2024-47053

CVE-2024-47053 concerns an authorization flaw in Mautic’s API. Any authenticated user can access all reports and their data via the API, bypassing permissions intended to restrict access to non-system reports (e.g., View Own/View Others). The vulnerability arises from Mautic’s HTTP Basic Authenti...

PT-2025-8691 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic affected versions not specified Description: The issue concerns an authorization flaw in Mautic's HTTP Basic Authentication implementation, allowing unauthorized access to sensitive report data. Specifically, an improper authorization...

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

CVE-2022-41545

Netgear C7800 Router (firmware 6.01.07 and possibly others) exposes admin credentials via basic authentication over HTTP, with credentials base64-encoded in the header and no transport security by default. This enables eavesdropping/MITM on authenticated requests over WLAN or LAN. Reported CVSSv3...

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

SUSE CVE-2025-25184

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

DEBIAN-CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

UBUNTU-CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

CVE-2025-0896

CVE-2025-0896 affects Orthanc server prior to version 1.5.8. The root cause is that basic authentication is not enabled by default when remote access is enabled, which can lead to unauthorized access. CVSS metrics shown in the public data indicate CRITICAL impact across confidentiality, integrity...

CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

Orthanc 访问控制错误漏洞

Orthanc is a free and open source software from Orthanc. An access control error vulnerability exists in Orthanc versions prior to 1.5.8 that stems from not enabling basic authentication by default when enabling remote access...

DEBIAN-CVE-2025-25184

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

UBUNTU-CVE-2025-25184

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

SUSE CVE-2025-24355

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...