4 matches found
CVE-2022-3926
The WP OAuth Server OAuth Authentication WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID...
PT-2022-24852 · WordPress · Wp Oauth Server
Name of the Vulnerable Software and Affected Versions: WP OAuth Server OAuth Authentication versions prior to 3.4.2
Description: The issue concerns a lack of CSRF check when regenerating secrets. This could allow attackers to make logged-in admins regenerate the secret of an arbitrary client, giv...
CVE-2021-40088
An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints by verifying that...
Code injection
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374...