Lucene search
K

152 matches found

Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.4 views

PT-2026-34807

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these...

9.8CVSS5.7AI score0.00548EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/02 5:32 p.m.4 views

Use of Client-Side Authentication

Overview Affected versions of this package are vulnerable to Use of Client-Side Authentication in the VCS oauth. An attacker can gain unauthorized access by exploiting weaknesses in the GitLab login mechanism or by deriving a JWT authentication token without requiring a server reboot. Remediation...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/02 5:32 p.m.4 views

Use of Client-Side Authentication

Overview Affected versions of this package are vulnerable to Use of Client-Side Authentication in the VCS oauth. An attacker can gain unauthorized access by exploiting weaknesses in the GitLab login mechanism or by deriving a JWT authentication token without requiring a server reboot. Remediation...

8.7CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/02/13 9:6 a.m.6 views

RLSA-2026:2224 Critical: keylime security update

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication CVE-2026-1709 For more details about the...

9.4CVSS5.7AI score0.05431EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/12/29 10:8 a.m.325 views

Exploit for Improper Certificate Validation in Apache Http_Server

Uefiscdi-Gov-Ro-Vulnerability- UNTESTED PAYLOADS, WAF-BYPASS,...

7.8CVSS8.8AI score0.98945EPSS
Exploits29
GithubExploit
GithubExploit
added 2025/12/18 5:54 a.m.181 views

Exploit for Use of Client-Side Authentication in Necta Wifi_Mouse_Server

Paso 1 — Crear un payload REAL Windows msfvenom -p windows/x6...

9.8CVSS9.4AI score0.73475EPSS
Exploits5
Vulnrichment
Vulnrichment
added 2025/12/02 9:7 p.m.2 views

CVE-2025-61940 Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

8.7CVSS7.3AI score0.00293EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 9:7 p.m.10 views

CVE-2025-61940

NMIS/BioDose (versions before V22.02) uses a common SQL Server user account for database access, while the client app performs password authentication but the underlying DB connection maintains access. The latest release adds Windows authentication to the database, which would restrict the connec...

8.8CVSS7.3AI score0.00293EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/11 3:47 a.m.16 views

CVE-2025-12868

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...

9.8CVSS7.4AI score0.0048EPSS
Exploits0References1
NVD
NVD
added 2025/11/10 4:15 a.m.6 views

CVE-2025-12868

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...

9.8CVSS0.0048EPSS
Exploits0References2
CVE
CVE
added 2025/11/10 3:14 a.m.17 views

CVE-2025-12868

CVE-2025-12868 : The vulnerability affects CyberTutor’s New Site Server. Affected component is the client-side authentication mechanism, where unauthenticated remote attackers can modify frontend code and potentially gain administrator privileges on the website. Documented impact includes full ad...

9.8CVSS7.1AI score0.0048EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/10 3:14 a.m.2 views

CVE-2025-12868 CyberTutor|New Site Server - Use of Client-Side Authentication

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...

9.8CVSS7.1AI score0.0048EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/10 3:14 a.m.14 views

CVE-2025-12868 CyberTutor|New Site Server - Use of Client-Side Authentication

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...

9.8CVSS0.0048EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/10 3:14 a.m.5 views

EUVD-2025-41750

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website...

9.8CVSS7AI score0.0048EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.4 views

CyberTutor New Site Server 安全漏洞

CyberTutor New Site Server is a website builder system from CyberTutor, a Taiwan, China-based company. A security vulnerability exists in CyberTutor New Site Server that stems from the use of client-side authentication, which could allow an unauthenticated remote attacker to modify the front-end...

9.8CVSS7.1AI score0.0048EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.6 views

PT-2025-45594

Name of the Vulnerable Software and Affected Versions New Site Server affected versions not specified Description New Site Server, developed by CyberTutor, is affected by a Use of Client-Side Authentication issue. This allows unauthenticated remote attackers to modify the frontend code, potential...

9.8CVSS7AI score0.0048EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/10/20 6:23 p.m.5 views

CVE-2025-62650

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...

9.9CVSS7.1AI score0.00479EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/20 6:23 p.m.4 views

CVE-2025-62649

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders...

5.8CVSS7.1AI score0.00488EPSS
Exploits1References1
OSV
OSV
added 2025/10/17 9:15 p.m.5 views

CVE-2025-62650

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...

9.9CVSS5.8AI score0.00479EPSS
Exploits0References5
NVD
NVD
added 2025/10/17 9:15 p.m.4 views

CVE-2025-62650

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...

9.9CVSS0.00479EPSS
Exploits0References5
Rows per page
Query Builder