16 matches found
CVE-2025-15621
Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...
CVE-2025-15624
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext...
Palo Alto Networks PAN-OS 缓冲区错误漏洞
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a buffer overflow vulnerability in Palo Alto Networks PAN-OS, which stems from insufficient boundary checks during the processing of certain data packets by the User-ID Authenticati...
CVE-2025-15621 Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication
Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...
CVE-2025-15621 Sparx Enterprise Architect Client does not verify the receiver of OAuth2 credentials during OpenID authentication
Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...
Mattermost fails to properly validate login method restrictions
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
CVE-2026-0999
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
EUVD-2022-28665
Malicious code in bioql PyPI...
Using LLMs for Security Advisory Investigations: How Far Are We?
Large Language Models LLMs are increasingly used in software security, but their trustworthiness in generating accurate vulnerability advisories remains uncertain. This study investigates the ability of ChatGPT to 1 generate plausible security advisories from CVE-IDs, 2 differentiate real from fa...
PT-2025-35789
Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.30 Description A flaw exists in the authentication module of the Chamilo LMS OpenID system due to a lack of validation for XML object sequences. Successful exploitation could allow a remote attacker to execut...
New iPhone Security Features to Protect Stolen Devices
Apple is rolling out a new "Stolen Device Protection" feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple...
CVE-2022-23722
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...
About the security content of iOS 13
About the security content of iOS 13 This document describes the security content of iOS 13. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...
CVE-2016-5109
Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication...
ThinkSNS某功能缺陷可导致重要信息泄漏
简要描述: ThinkSNS某功能缺陷可导致用户上传的身份证信息泄漏。 详细说明: 问题发生在 /apps/public/Lib/Action/AccountAction.class.php 行483 public function doAuthenticate .... $data'attachid' = t$POST'attachids'; 这里附件ID 是通过post方式传递的 意味着主要修改为别人附件ID 岂不是?? 附件可是有用户认证的身份证。遍历一遍 呵呵 其实导致这个问题还有很多地方。这里我就不一一列举了!你们自己revrew一下把 漏洞证明: 接着看展示的地方 393行...