Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.11 views

CVE-2025-15621

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

5.7CVSS5.4AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.11 views

CVE-2025-15624

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext...

9.3CVSS5.5AI score0.0038EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

Palo Alto Networks PAN-OS 缓冲区错误漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a buffer overflow vulnerability in Palo Alto Networks PAN-OS, which stems from insufficient boundary checks during the processing of certain data packets by the User-ID Authenticati...

9.8CVSS6.7AI score0.32074EPSS
Exploits6References1
Vulnrichment
Vulnrichment
added 2026/04/16 12:40 p.m.4 views

CVE-2025-15621 Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

5.7CVSS5.8AI score0.00115EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/16 12:40 p.m.37 views

CVE-2025-15621 Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

5.7CVSS0.00115EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/16 12:30 p.m.7 views

Mattermost fails to properly validate login method restrictions

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS5.5AI score0.00172EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2026/02/16 10:16 a.m.8 views

CVE-2026-0999

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS0.00172EPSS
Exploits0References1
OSV
OSV
added 2026/02/16 9:47 a.m.5 views

CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS5.9AI score0.00172EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-28665

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.0011EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.3 views

Using LLMs for Security Advisory Investigations: How Far Are We?

Large Language Models LLMs are increasingly used in software security, but their trustworthiness in generating accurate vulnerability advisories remains uncertain. This study investigates the ability of ChatGPT to 1 generate plausible security advisories from CVE-IDs, 2 differentiate real from fa...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.7 views

PT-2025-35789

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.30 Description A flaw exists in the authentication module of the Chamilo LMS OpenID system due to a lack of validation for XML object sequences. Successful exploitation could allow a remote attacker to execut...

9.8CVSS6.2AI score0.00587EPSS
Exploits1References15
Schneier on Security
Schneier on Security
added 2023/12/27 12:1 p.m.19 views

New iPhone Security Features to Protect Stolen Devices

Apple is rolling out a new "Stolen Device Protection" feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple...

7.1AI score
Exploits0
OSV
OSV
added 2022/05/02 10:15 p.m.7 views

CVE-2022-23722

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...

6.5CVSS5.8AI score0.00571EPSS
Exploits0References2
Apple
Apple
added 2019/09/19 12:0 a.m.115 views

About the security content of iOS 13

About the security content of iOS 13 This document describes the security content of iOS 13. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...

10CVSS0.4AI score0.16997EPSS
Exploits7References1Affected Software1
NVD
NVD
added 2016/07/13 3:59 p.m.14 views

CVE-2016-5109

Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication...

4.3CVSS4.1AI score0.00335EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/01/21 12:0 a.m.19 views

ThinkSNS某功能缺陷可导致重要信息泄漏

简要描述: ThinkSNS某功能缺陷可导致用户上传的身份证信息泄漏。 详细说明: 问题发生在 /apps/public/Lib/Action/AccountAction.class.php 行483 public function doAuthenticate .... $data'attachid' = t$POST'attachids'; 这里附件ID 是通过post方式传递的 意味着主要修改为别人附件ID 岂不是?? 附件可是有用户认证的身份证。遍历一遍 呵呵 其实导致这个问题还有很多地方。这里我就不一一列举了!你们自己revrew一下把 漏洞证明: 接着看展示的地方 393行...

7.1AI score
Exploits0
Rows per page
Query Builder