12 matches found

CNNVD
added 2025/01/09 12:0 a.m. | 2 views

Vaultwarden Security Vulnerability

Vaultwarden is an alternative implementation of the Bitwarden server API, written in Rust by individual developer Daniel García. A security vulnerability exists in Vaultwarden versions prior to v1.32.5. An attacker exploiting this vulnerability could execute arbitrary code by injecting a specially...

9.6 CVSS | 7.2 AI score | 0.0052 EPSS
Exploits 1 | References 3

Veracode
added 2024/06/13 12:4 p.m. | 7 views

Improper Input Validation

org.keycloak:keycloak-services is vulnerable to Improper Input Validation. The vulnerability is due to the use of email as a username without checking for existing accounts, which can lead to the inability to reset or login with email for the user...

7.1 AI score
Exploits 0

GitHub Security Blog
added 2024/06/12 7:42 p.m. | 15 views

Keycloak Denial of Service via account lockout

In any realm set with "User Self registration" a user that is registered with a username in email format can be "locked out" denied from logging in using his username...

5.3 CVSS | 7.1 AI score | 0.00199 EPSS
Exploits 0 | References 8 | Affected Software 1

IBM Security Bulletins
added 2023/11/01 7:38 p.m. | 34 views

Security Bulletin: IBM Storage Ceph is vulnerable to improper authentication in Grafana (CVE-2022-39229)

Summary: Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-39229. Vulnerability Details: CVEID: CVE-2022-39229. DESCRIPTION: Grafana could allow a remote attacker to bypass security restrictions, caused by improper authentication. By using...

4.3 CVSS | 6.6 AI score | 0.00056 EPSS
Exploits 0 | Affected Software 1

Vulnrichment
added 2022/10/13 12:0 a.m. | 4 views

CVE-2022-39229 Grafana users with email as a username can block other users from signing in

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else's email address as a username. A Grafana user's username and email address are unique fields, th...

4.3 CVSS | 4.6 AI score | 0.00056 EPSS
Exploits 0 | References 3

CNNVD
added 2022/08/26 12:0 a.m. | 1 views

Red Hat Keycloak Security Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak suffers from a security vulnerability that originates from an attacker being able to register with a username that is the same...

5.3 CVSS | 6.9 AI score | 0.12319 EPSS
Exploits 1 | References 4

CNNVD
added 2021/09/20 12:0 a.m. | 2 views

Wuzhi WUZHI CMS Cross-Site Scripting Vulnerability

WUZHI CMS is a PHP and MySQL based content management system (CMS) from Beijing WuZHI Technology Co. The vulnerability can be exploited by remote attackers to perform cross-site scripting attacks via the "email username" parameter in "index.php"...

6.1 CVSS | 5.9 AI score | 0.00328 EPSS
Exploits 1 | References 3

wpexploit
added 2021/08/23 12:0 a.m. | 786 views

Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure

The plugin outputs the hashed password, username and email address, along with other less sensitive data, of the user related to the Event Head of the Timeslot in the response when requesting the event Timeslot data with a user with the edit_posts capability. Combined with the other Unauthorised Event...

6.5 CVSS | 0.00559 EPSS
Exploits 2

NVD
added 2018/06/26 4:29 p.m. | 7 views

CVE-2018-1000549

Wekan version 1.04.0 contains an email/username enumeration vulnerability in the 'Register' and 'Forgot your password?' pages that can result in a remote attacker performing a brute force attack to obtain valid usernames and email addresses. This attack appears to be exploitable via HTTP Request...

5.3 CVSS | 5.2 AI score | 0.0029 EPSS
Exploits 0 | References 3

Prion
added 2018/06/26 4:29 p.m. | 10 views

Design/Logic Flaw

Wekan version 1.04.0 contains an email/username enumeration vulnerability in the 'Register' and 'Forgot your password?' pages that can result in a remote attacker performing a brute force attack to obtain valid usernames and email addresses. This attack appears to be exploitable via HTTP Request...

5 CVSS | 5.2 AI score | 0.0029 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2018/06/26 4:0 p.m. | 10 views

CVE-2018-1000549

Wekan version 1.04.0 contains an email/username enumeration vulnerability in the 'Register' and 'Forgot your password?' pages that can result in a remote attacker performing a brute force attack to obtain valid usernames and email addresses. This attack appears to be exploitable via HTTP Request...

5.2 AI score | 0.0029 EPSS
Exploits 0 | References 3

CNVD
added 2018/06/14 12:0 a.m. | 3 views

PvPGN Stats ladder/stats.php file SQL injection vulnerability

PvPGN Stats is a PHP-based tool that supports the integration of websites with the PvPGN game server, displaying server status, ladder pages, and more. A SQL injection vulnerability exists in the ladder/stats.php file in PvPGN Stats version 2.4.6, which stems from the program failing to filter...

9.8 CVSS | 8.2 AI score | 0.00233 EPSS
Exploits 1 | References 1