USN-7772-1: Eventlet vulnerability

It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches...

CVE-2025-9495

CVE-2025-9495 - Vitogate 300 Authentication Bypass : The Vitogate 300 web interface relies on frontend-based authentication controls and does not enforce proper server-side authentication. An attacker can modify HTML elements via browser developer tools to bypass login restrictions and reveal the...

CVE-2025-9495 Viessmann Vitogate 300 Authentication Bypass

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...

PT-2025-39104

Name of the Vulnerable Software and Affected Versions Vitogate 300 affected versions not specified Description The web interface does not properly enforce server-side authentication, relying instead on frontend-based authentication controls. This allows an attacker to bypass login restrictions by...