3633 matches found

CVE
added 2025/01/09 12:31 a.m. | 44 views

CVE-2024-13198

CVE-2024-13198 affects langhsu Mblog Blog System 3.5.0. The vulnerability is in an unknown function of the file /login, causing an observable response discrepancy. It can be exploited remotely, with attack complexity described as high. Exploit has been disclosed publicly. Vendor response to disc...

CVSS 6.3 | AI score 4.2 | EPSS 0.00668
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2025/01/04 2:15 a.m. | 17 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

CVSS 7.5 | EPSS 0.00341
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/04 12:0 a.m. | 6 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

AI score 7.5 | EPSS 0.00341
Exploits: 0 | References: 1

CNNVD
added 2025/01/04 12:0 a.m. | 4 views

Optimizely EPiServer.CMS.Core security vulnerability

Optimizely EPiServer.CMS.Core is a content management system core from Optimizely, Inc. A security vulnerability exists in Optimizely EPiServer.CMS.Core versions prior to 12.32.0 that stems from insufficient complexity of the required password...

CVSS 7.5 | AI score 6.5 | EPSS 0.00341
Exploits: 0 | References: 1

CVE
added 2025/01/04 12:0 a.m. | 72 views

CVE-2025-22390

Optimizely EPiServer.CMS.Core prior to 12.32.0 contains a password-policy weakness where passwords as short as 6 characters may be set due to insufficient complexity enforcement. This vulnerability could enable offline cracking or password spraying in theory, given weak password requirements. Af...

CVSS 7.5 | AI score 6.6 | EPSS 0.00341
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/01/04 12:0 a.m. | 4 views

PT-2025-4486 · Optimizely · Episerver.Cms.Core

Name of the Vulnerable Software and Affected Versions: Optimizely EPiServer.CMS.Core versions prior to 12.32.0 Description: A medium-severity issue exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum...

CVSS 7.5 | AI score 7.2 | EPSS 0.00341
Exploits: 0 | References: 6

Cvelist
added 2025/01/04 12:0 a.m. | 21 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

EPSS 0.00341
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/01/03 11:11 a.m. | 17 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to cause a denial of service using a complex regular expression.

Summary: Regular expressions are a formal language for identifying strings of text, parsing, and matching them. Most regular expression engines are built over a non-deterministic Finite Automaton (NFA). They use backtracking and, while these regular expression engines can quickly confirm a positive...

CVSS 7.5 | AI score 6.5 | EPSS 0.00461
Exploits: 0 | Affected Software: 1

NVD
added 2025/01/02 2:15 p.m. | 14 views

CVE-2024-13111

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token...

CVSS 8.1 | EPSS 0.00751
Exploits: 1 | References: 5

Vulnrichment
added 2025/01/02 2:0 p.m. | 9 views

CVE-2024-13111 Beijing Yunfan Internet Technology Yunfan Learning Examination System JWT Token SysUserControl improper authentication

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token...

CVSS 6.3 | AI score 7.2 | EPSS 0.00751
Exploits: 1 | References: 5

Positive Technologies
added 2025/01/01 12:0 a.m. | 5 views

PT-2025-42743

Name of the Vulnerable Software and Affected Versions: golang versions 1.15; golang versions 1.19. Description: The software experiences quadratic complexity during the parsing of certain invalid inputs when handling PEM encoded data. This can lead to performance issues. Recommendations: Update to a...

CVSS 9.8 | AI score 6.5 | EPSS 0.00586
Exploits: 0

Cvelist
added 2024/12/29 11:0 p.m. | 18 views

CVE-2024-13028 Antabot White-Jotter login observable response discrepancy

A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The...

CVSS 6.3 | EPSS 0.00733
Exploits: 1 | References: 4

Vulnrichment
added 2024/12/29 11:0 p.m. | 12 views

CVE-2024-13028 Antabot White-Jotter login observable response discrepancy

A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The...

CVSS 6.3 | AI score 6.5 | EPSS 0.00733
Exploits: 1 | References: 4

NVD
added 2024/12/20 9:15 p.m. | 13 views

CVE-2024-40875

There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack...

CVSS 5.9 | EPSS 0.00297
Exploits: 0 | References: 1

Vulnrichment
added 2024/12/20 8:17 p.m. | 13 views

CVE-2024-40875 Cross-site scripting vulnerability in the Secure Access administrative console prior to 13.52

There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack...

CVSS 5.9 | AI score 6.4 | EPSS 0.00297
Exploits: 0 | References: 1

Cvelist
added 2024/12/20 8:17 p.m. | 22 views

CVE-2024-40875 Cross-site scripting vulnerability in the Secure Access administrative console prior to 13.52

There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack...

CVSS 5.9 | EPSS 0.00297
Exploits: 0 | References: 1

CVE
added 2024/12/20 8:17 p.m. | 54 views

CVE-2024-40875

Absolute Secure Access management console (before 13.52) is affected by an XSS vulnerability. Attackers with system administrator privileges can interfere with another admin’s console session. Root cause is cross-site scripting in the console; impact is high on integrity, low on availability, non...

CVSS 5.9 | AI score 5.9 | EPSS 0.00297
Exploits: 0 | References: 1

NVD
added 2024/12/16 8:15 p.m. | 16 views

CVE-2024-12667

A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The...

CVSS 6.3 | EPSS 0.00511
Exploits: 0 | References: 4

Vulnrichment
added 2024/12/16 8:0 p.m. | 9 views

CVE-2024-12667 InvoicePlane view session expiration

A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The...

CVSS 6.3 | AI score 7 | EPSS 0.00511
Exploits: 0 | References: 4

CVE
added 2024/12/16 8:0 p.m. | 48 views

CVE-2024-12667

The CVE-2024-12667 issue affects InvoicePlane up to version 1.6.1, where manipulation of an unknown function in /invoices/view can cause session expiration. This vulnerability is exploitable remotely with high attack complexity, and the exploit has been disclosed publicly. A fixed version is 1.6....

CVSS 6.3 | AI score 4.2 | EPSS 0.00511
Exploits: 0 | References: 4 | Affected Software: 1