55 matches found
CVE-2024-49358
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...
CVE-2023-2418
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...
CVE-2021-38376
OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call...
GHSA-4G8M-5MJ5-C8XG Umbraco Makes User Enumeration Feasible Based on Timing of Login Response
Impact Based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. Patches Patched in 10.8.10 and 13.8.1. Workarounds None available...
MAL-2025-587 Malicious code in swift-login-api (npm)
Source: ghsa-malware dbad853440515e1762a39bb7b7d5a115b77cf243fd0ee0b3bbd82c1ac8bab0c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-36188 · Unknown · Aicomments
Name of the Vulnerable Software and Affected Versions: AIcomments versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into...
PT-2024-33153 · Unknown · Best House Rental Management System Project In Php
Name of the Vulnerable Software and Affected Versions: Best House rental management system project in php version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the username parameter of the "login request" API endpoint. This enables the attacker to inject...
Open Redirect
scoutbrowser is vulnerable to Open Redirect. The vulnerability is due to inadequate input validation and sanitization in the /login API endpoint, which does not properly handle the next parameter, and lack of scheme validation, which allows for both open redirects and HTTPS downgrade attacks...
CVE-2024-47530 Scout contains an Open Redirect on Login via `next`
Scout is a web-based visualizer for VCF files. An open redirect vulnerability allows phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to open redirect via the next parameter due to the absence of sanitization logic. Additionally, due to lac...
CVE-2024-47530
CVE-2024-47530 affects gstreamer-plugins-good in SUSE open advisories. The connected documents specify the vulnerability as an uninitialized stack memory issue in the Matroska/WebM demuxer, with multiple SUSE advisories (SUSE-SU-2025:0063-1, SUSE-SU-2025:0064-1, SUSE-SU-2025:0067-1) listing this ...
PT-2023-25658 · Prolion · Prolion Cryptospike
Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: The issue concerns the login REST API when using LDAP or Active Directory as the user store. It allows a remote blocked user to login and obtain an authentication token by specifying a usernam...
com.abavilla:fpi-bot-api (>=1.6.0 <=1.6.2), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.6.2) +136 more potentially affected by CVE-2023-1584 via io.quarkus:quarkus-oidc (>=3.0.0.Alpha1 <=3.1.0.CR1)
io.quarkus:quarkus-oidc MAVEN version =3.0.0.Alpha1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.6 and more Source cves: CVE-2023-1584 Source advisory: OSV:GHSA-6HC9-CF8X-HF83...
CVE-2023-4415
A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...
WordPress Magic Login API Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software Magic Login API Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6d2c95bc7776 Credits Rafie Muhammad Patchstack Required...
CVE-2023-2519
A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely...