1240 matches found

Cvelist
added 2025/04/16 5:38 p.m. · 11 views

CVE-2025-32859

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to...

CVSS 8.8 · EPSS 0.0049
Exploits 0 · References 1
Vulnrichment
added 2025/04/16 12:00 a.m. · 7 views

CVE-2025-43704

Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server...

CVSS 4.7 · AI score 4.8 · EPSS 0.00119
Exploits 0 · References 1
CNNVD
added 2025/04/16 12:00 a.m. · 2 views

Veritas Data Insight Security Vulnerability

Veritas Data Insight is a solution from Veritas that classifies, contextualizes, and controls unstructured data. A security vulnerability exists in Veritas Data Insight versions prior to 7.1.2 that stems from the possibility of sending plaintext credentials when configured to use HTTP basic...

CVSS 4.7 · AI score 6.7 · EPSS 0.00119
Exploits 0 · References 2
Cvelist
added 2025/04/16 12:00 a.m. · 10 views

CVE-2025-43704

Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server...

CVSS 4.7 · EPSS 0.00119
Exploits 0 · References 1
CVE
added 2025/04/16 12:00 a.m. · 76 views

CVE-2025-43704

CVE-2025-43704 affects Arctera/Veritas Data Insight prior to 7.1.2. The issue allows sending cleartext credentials when the product is configured to use HTTP Basic Authentication to a Dell Isilon OneFS server. The reported remediation is to upgrade to version 7.1.2 or later. Exploit details or ac...

CVSS 4.7 · AI score 7.2 · EPSS 0.00119
Exploits 0 · References 1
Zero Day Initiative
added 2025/04/09 12:00 a.m. · 6 views

(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the PATH_TRANSLATED parameter provided to the...

CVSS 6.3 · AI score 7.5
Exploits 0
Microsoft CVE
added 2025/04/01 7:00 a.m. · 2 views

Stream HTTP wrapper header check might omit basic auth header

...

CVSS 7.3 · AI score 6.4 · EPSS 0.00511
Exploits 0
Cvelist
added 2025/03/30 5:49 a.m. · 14 views

CVE-2025-1736 Stream HTTP wrapper header check might omit basic auth header

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers being misinterpreted...

CVSS 6.3 · EPSS 0.00511
Exploits 0 · References 1
OSV
added 2025/03/21 1:17 p.m. · 1 view

OESA-2025-1299 rubygem-rack security update

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

CVSS 7.5 · AI score 7 · EPSS 0.01095
Exploits 1 · References 4
Tenable Nessus
added 2025/03/04 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-12529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the...

CVSS 5.9 · AI score 6 · EPSS 0.08092
Exploits 0 · References 2
RedhatCVE
added 2025/02/28 12:24 p.m. · 12 views

CVE-2024-47053

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...

CVSS 7.7 · AI score 6.4 · EPSS 0.00681
Exploits 0 · References 5
Snyk
added 2025/02/26 8:08 p.m. · 2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Reporting API. An attacker can gain unauthorized access to sensitive report data by exploiting the flawed HTTP Basic Authentication implementation. Note: This is only exploitable if the API is enabled and...

CVSS 7.7 · AI score 7 · EPSS 0.00681
Exploits 0 · References 2
NVD
added 2025/02/26 1:15 p.m. · 9 views

CVE-2024-47053

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...

CVSS 7.7 · EPSS 0.00681
Exploits 0 · References 3
Cvelist
added 2025/02/26 11:54 a.m. · 34 views

CVE-2024-47053 Improper Authorization in Reporting API

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...

CVSS 7.7 · EPSS 0.00681
Exploits 0 · References 3
CVE
added 2025/02/26 11:54 a.m. · 135 views

CVE-2024-47053

CVE-2024-47053 concerns an authorization flaw in Mautic’s API. Any authenticated user can access all reports and their data via the API, bypassing permissions intended to restrict access to non-system reports (e.g., View Own/View Others). The vulnerability arises from Mautic’s HTTP Basic Authenti...

CVSS 7.7 · AI score 7.4 · EPSS 0.00681
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/02/26 12:00 a.m. · 5 views

PT-2025-8691 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic affected versions not specified Description: The issue concerns an authorization flaw in Mautic's HTTP Basic Authentication implementation, allowing unauthorized access to sensitive report data. Specifically, an improper authorization...

CVSS 7.7 · AI score 6.6 · EPSS 0.00681
Exploits 0 · References 9
RedhatCVE
added 2025/02/20 12:25 a.m. · 7 views

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

CVSS 6.4 · AI score 6.8 · EPSS 0.00288
Exploits 2 · References 1
NVD
added 2025/02/18 6:15 p.m. · 9 views

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

CVSS 6.4 · EPSS 0.00288
Exploits 2 · References 4
Vulnrichment
added 2025/02/18 12:00 a.m. · 5 views

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

AI score 9.4 · EPSS 0.00288
Exploits 2 · References 3
CVE
added 2025/02/18 12:00 a.m. · 75 views

CVE-2022-41545

Netgear C7800 Router (firmware 6.01.07 and possibly others) exposes admin credentials via basic authentication over HTTP, with credentials base64-encoded in the header and no transport security by default. This enables eavesdropping/MITM on authenticated requests over WLAN or LAN. Reported CVSSv3...

CVSS 6.4 · AI score 7.2 · EPSS 0.00288
Exploits 2 · References 4 · Affected Software 1