11 matches found
EUVD-2026-9375
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series (SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
PT-2026-22883
Name of the Vulnerable Software and Affected Versions: IDC SFX Series (SFX2100) SuperFlex Satellite Receiver (affected versions not specified) Description: The /root/anaconda-ks.cfg installation configuration file insecurely stores a hardcoded root password hash. This password is highly susceptible to...
Incorrect Implementation of Authentication Algorithm
Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via the userID authentication. An attacker can gain unauthorized access by leveraging...
EUVD-2025-203373
An issue was discovered in Wekan, the open source kanban board system, up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document beyond profile fields, including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privileg...
CVE-2025-65780
CVE-2025-65780 affects Wekan up to version 18.15 (fixed in 18.16). The issue allows an authenticated user to modify their entire user document (including orgs/teams and loginDisabled) due to missing server-side authorization checks, enabling privilege escalation and unauthorized access to other t...
CVE-2024-44795
A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...
PT-2024-31253
Name of the Vulnerable Software and Affected Versions: Gazelle version 63b3370 Description: A cross-site scripting (XSS) issue exists in the /login/disabled.php component, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...
Gazelle Security Vulnerability
Gazelle is a web framework for private BitTorrent trackers from the individual developers at WhatCD. Gazelle has a security vulnerability that stems from a cross-site scripting vulnerability in the username parameter of the /login/disabled.php file...
PT-2004-1397 · Ibm · Aix
Name of the Vulnerable Software and Affected Versions: AIX versions 4.3.3 through 5.1 Description: The issue allows remote attackers to guess the password via brute force methods when direct remote login is disabled. This occurs because AIX displays a different message if the password is correct...
DEBIAN-CVE-2003-1562
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...
PT-2003-2507 · Openssh +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 3.6.1p2 and earlier Description: The issue allows remote attackers to potentially determine if the password step of a multi-step authentication is successful by using timing differences. This occurs when PermitRootLogin is...