561 matches found
CVE-2025-5060 Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover
The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback. This makes it possible for...
CVE-2025-5060
CVE-2025-5060 refers to the Bravis User plugin for WordPress (versions up to 1.0.0) with an authentication bypass. The issue arises from improper handling of login data verified via the facebook_ajax_login_callback(), enabling unauthenticated attackers to log in as administrator users if they hav...
CVE-2025-5821
The CVE-2025-5821 case concerns the WordPress plugin Case Theme User (versions up to 1.0.3). The vulnerability is an Authentication Bypass caused by improper login handling in the facebook_ajax_login_callback() pathway, enabling unauthenticated attackers who have an existing site account and acce...
CVE-2025-5821 Case Theme User <= 1.0.3 - Authentication Bypass via Social Login
The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebook_ajax_login_callback function. This makes it possible f...
PT-2025-34523
Name of the Vulnerable Software and Affected Versions: Case Theme User plugin for WordPress versions prior to 1.0.4 Description: The Case Theme User plugin for WordPress is susceptible to an authentication bypass. This issue stems from the plugin's failure to correctly log in a user with data...
GO-2025-3839 Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vault
Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vault...
CVE-2025-49187 User enumeration
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...
CVE-2024-26148
Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...
CVE-2023-28442
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...
CVE-2023-21235
In onCreate of LockSettingsActivity.java, there is a possible way to set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...
CVE-2022-36638
An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders...
CVE-2020-13293
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash...
Configure Proper Association Policies for INPUT and OUTPUT of iptables
Although you can configure protocols, IP addresses, and port numbers to add policies for packets entering and leaving a server to the INPUT and OUTPUT chains, it is difficult to configure suitable policies using the sport parameter due to complicated situations. For example, a client accesses the...
Configure Proper Association Policies for INPUT and OUTPUT of nftables
Although you can configure protocols, IP addresses, and port numbers to add policies for packets entering and leaving a server to the INPUT and OUTPUT chains, it is difficult to configure suitable policies using the sport parameter due to complicated situations. For example, a client accesses the...
team: prevent adding a device which is already a team device lower
...
SUSE CVE-2024-36469
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...
DEBIAN-CVE-2024-36469
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...
CVE-2024-36469
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...
UBUNTU-CVE-2024-36469
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...