CVE-2025-68644

Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances...

EUVD-2025-204663

Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances...

CVE-2025-68644

Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances...

CVE-2025-68644

Yealink RPS before 2025-06-27 allows unauthorized access to information (including AutoP URL addresses) due to an inadequate authentication mechanism. A security update deploying an enhanced authentication mechanism to all cloud instances fixes the issue. Affected product: Yealink RPS prior to 20...

EUVD-2024-19814

Malicious code in bioql PyPI...

CVE-2024-22250

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

VMware Enhanced Authentication Plug-in Installed (Windows)

Binary data vmwareenhancedauthenticationplug-inwininstalled.nbin...

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin EAP following the discovery of a critical security flaw. Tracked as CVE-2024-22245 CVSS score: 9.6, the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a...

CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

CVE-2024-22245 Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...

PT-2024-1777 · Vmware · Vmware Enhanced Authentication Plug-In

Name of the Vulnerable Software and Affected Versions: VMware Enhanced Authentication Plug-in EAP affected versions not specified Description: The issue is related to arbitrary authentication relay and session hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP. Th...

PT-2024-2166 · Vmware +1 · Vmware Enhanced Authentication Plug-In +1

Name of the Vulnerable Software and Affected Versions: VMware Enhanced Authentication Plug-in affected versions not specified Description: The issue is related to a Session Hijack vulnerability in the Deprecated VMware Enhanced Authentication Plug-in. This could allow a malicious actor with...

VMware Enhanced Authentication Plug-in Security Vulnerability

The VMware Enhanced Authentication Plug-in is part of the VMware Horizon client from VMware, Inc. and is used to provide an additional authentication layer to enhance the security of access to VMware Horizon virtual desktops and applications. A security vulnerability exists in VMware Enhanced...