1240 matches found
Pekko Management may not properly apply authenticator when Basic Authentication is enabled
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
GHSA-9QVJ-RPJ8-V5C8 Pekko Management may not properly apply authenticator when Basic Authentication is enabled
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
CVE-2025-46548
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
CVE-2025-46548
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
CVE-2025-46548
CVE-2025-46548 affects Pekko Management (Java DSL) where enabling Basic Authentication may cause the authenticator to not be properly applied. The issue can lead to insufficient access control if management ports are not restricted to trusted users. The advisory recommends upgrading Pekko Managem...
CVE-2025-46548 Apache Pekko Management, Apache Pekko Management, Apache Pekko Management, Akka Management, Akka Management, Akka Management: management API basic authentication is not effective
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
CVE-2025-46548 Apache Pekko Management, Apache Pekko Management, Apache Pekko Management, Akka Management, Akka Management, Akka Management: management API basic authentication is not effective
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
PT-2025-23624 · Unknown · Pekko Management
Name of the Vulnerable Software and Affected Versions: Pekko Management versions prior to 1.1.1 Description: The issue arises when Basic Authentication is enabled in Pekko Management using the Java DSL, potentially causing the authenticator to not be properly applied. This could affect users who...
CVE-2025-48740
A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...
CVE-2024-47165
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhostaliases variable includes "null" as a valid origin. This allows attackers to make unauthoriz...
CVE-2024-50313
A vulnerability has been identified in Mendix Runtime V10 All versions V10.16.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.7 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All versio...
CVE-2023-49947
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...
CVE-2023-41926
The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...
CVE-2023-23040
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication...
CVE-2022-4498
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...
CVE-2025-48740
A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...
CVE-2025-48740
A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...
CVE-2025-48740
CSRF vulnerability (CVE-2025-48740) affects StrangeBee TheHive prior to specific fixes: 5.2.0–5.2.15, 5.3.0–5.3.10, 5.4.0–5.4.9, and 5.5.0. A remote attacker could trigger unauthorized requests on behalf of a privileged user authenticated with basic authentication. Root cause: CSRF in TheHive com...
CVE-2021-39890
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...
CVE-2021-45890
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier...