55 matches found

RedhatCVE
added 2025/05/23 6:15 a.m. · 7 views

CVE-2024-49358

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...

CVSS 5.3 · AI score 6.8 · EPSS 0.00463
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 1:51 a.m. · 5 views

CVE-2023-2418

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

CVSS 5.9 · AI score 6.9 · EPSS 0.00726
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 9:25 p.m. · 16 views

CVE-2021-38376

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call...

CVSS 5.3 · AI score 6.7 · EPSS 0.01444
Exploits 3 · References 1
OSV
added 2025/05/06 4:38 p.m. · 5 views

GHSA-4G8M-5MJ5-C8XG Umbraco Makes User Enumeration Feasible Based on Timing of Login Response

Impact Based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. Patches Patched in 10.8.10 and 13.8.1. Workarounds None available...

CVSS 5.3 · AI score 6.7 · EPSS 0.00306
Exploits 0 · References 5
OSSF Malicious Packages
added 2025/01/26 11:45 a.m. · 3 views

Malicious code in swift-login-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dbad853440515e1762a39bb7b7d5a115b77cf243fd0ee0b3bbd82c1ac8bab0c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
OSV
added 2025/01/26 11:45 a.m. · 7 views

MAL-2025-587 Malicious code in swift-login-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dbad853440515e1762a39bb7b7d5a115b77cf243fd0ee0b3bbd82c1ac8bab0c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7.2
Exploits 0 · References 1
Positive Technologies
added 2024/12/13 12:0 a.m. · 4 views

PT-2024-36188 · Unknown · Aicomments

Name of the Vulnerable Software and Affected Versions: AIcomments versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into...

CVSS 4.3 · AI score 7 · EPSS 0.00218
Exploits 0 · References 3
Positive Technologies
added 2024/10/25 12:0 a.m. · 3 views

PT-2024-33153 · Unknown · Best House Rental Management System Project In Php

Name of the Vulnerable Software and Affected Versions: Best House rental management system project in php version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the username parameter of the "login request" API endpoint. This enables the attacker to inject...

CVSS 9.8 · AI score 9 · EPSS 0.00864
Exploits 1 · References 3
Veracode
added 2024/10/03 8:44 a.m. · 9 views

Open Redirect

scoutbrowser is vulnerable to Open Redirect. The vulnerability is due to inadequate input validation and sanitization in the /login API endpoint, which does not properly handle the next parameter, and lack of scheme validation, which allows for both open redirects and HTTPS downgrade attacks...

CVSS 6.1 · AI score 6.5 · EPSS 0.00379
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2024/09/30 3:17 p.m. · 15 views

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

CVSS 5.4 · AI score 6.6 · EPSS 0.00379
Exploits 1 · References 2
CVE
added 2024/09/30 3:17 p.m. · 93 views

CVE-2024-47530

CVE-2024-47530 affects gstreamer-plugins-good in SUSE open advisories. The connected documents specify the vulnerability as an uninitialized stack memory issue in the Matroska/WebM demuxer, with multiple SUSE advisories (SUSE-SU-2025:0063-1, SUSE-SU-2025:0064-1, SUSE-SU-2025:0067-1) listing this ...

CVSS 6.1 · AI score 5.4 · EPSS 0.00379
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/12/06 12:0 a.m. · 7 views

PT-2023-25658 · Prolion · Prolion Cryptospike

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: The issue concerns the login REST API when using LDAP or Active Directory as the user store. It allows a remote blocked user to login and obtain an authentication token by specifying a usernam...

CVSS 9.8 · AI score 7.3 · EPSS 0.00985
Exploits 1 · References 4
vulnersOsv
added 2023/10/04 12:30 p.m. · 6 views

com.abavilla:fpi-bot-api (>=1.6.0 <=1.6.2), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.6.2) +136 more potentially affected by CVE-2023-1584 via io.quarkus:quarkus-oidc (>=3.0.0.Alpha1 <=3.1.0.CR1)

io.quarkus:quarkus-oidc MAVEN version =3.0.0.Alpha1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.6 and more Source cves: CVE-2023-1584 Source advisory: OSV:GHSA-6HC9-CF8X-HF83...

CVSS 7.5 · AI score 7.1 · EPSS 0.00963
Exploits 0
OSV
added 2023/08/18 4:15 p.m. · 3 views

CVE-2023-4415

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS 8.8 · AI score 5.4 · EPSS 0.56147
Exploits 5 · References 3
Patchstack
added 2023/07/18 12:0 a.m. · 7 views

WordPress Magic Login API Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Magic Login API Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6d2c95bc7776 Credits Rafie Muhammad Patchstack Required...

AI score 6.8 · EPSS 0.00284
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/05/04 5:15 p.m. · 8 views

CVE-2023-2519

A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely...

CVSS 9.8 · AI score 6.8 · EPSS 0.00619
Exploits 0 · References 2
Prion
added 2023/05/04 5:15 p.m. · 9 views

Sql injection

A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely...

CVSS 7.5 · AI score 9.6 · EPSS 0.00619
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/04/29 1:15 a.m. · 20 views

CVE-2023-2418

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

CVSS 5.9 · AI score 4.5 · EPSS 0.00726
Exploits 0 · References 4
OSV
added 2023/04/29 1:15 a.m. · 4 views

CVE-2023-2418

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

CVSS 5.9 · AI score 4.3 · EPSS 0.00726
Exploits 0 · References 4
Prion
added 2023/04/29 1:15 a.m. · 26 views

Design/Logic Flaw

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

CVSS 1.8 · AI score 5.8 · EPSS 0.00726
Exploits 0 · References 4 · Affected Software 1