12 matches found
CVE-2026-27707
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting in version 2.0.0 and prior to version 3.1.0, an authentication guard logic flaw in POST /api/v1/auth/jellyfin allows an unauthenticated attacker to register a new Seerr account on any Plex-configure...
CVE-2025-1475
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...
CVE-2025-0663
A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...
CVE-2025-0663 Potential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-Login
A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...
PT-2025-39180
Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: A cross-tenant authentication issue exists because of a flawed cryptographic design in Adaptive Authentication. A single cryptographic key is used for all tenants to sign authentication...
TShock Security Escalation Exploit
Impact: An issue with the way OTAPI manages client connections results in stale UUIDs remaining on RemoteClient instances after a player disconnects. Because of this, if the following conditions are met, a player may assume the login state of a previously connected player: 1. The server has UUID...
CVE-2024-2859
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account...
Brocade SANnav security vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation (USA). A security vulnerability exists in Brocade SANnav because root user login is enabled, so access to the root account exposes SANnav to a remote attacker...
PT-2024-3488 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav (affected versions not specified). Description: The issue is related to inadequate access control in the software, which could allow a remote attacker to impact the confidentiality, integrity, and availability of protecte...
Contec CONPROSYS HMI System SQL injection vulnerability
Contec CONPROSYS HMI System is an HTML5-based HMI (Human Machine Interface)/SCADA (Supervisory Control and Data Acquisition) software product from Contec of Japan. A security vulnerability exists in Contec CONPROSYS HMI System version 3.5.0 and prior versions, which can be exploited to execute arbitrary...
Discuz! DiscuzX file deletion vulnerability
Discuz! DiscuzX is an online forum system. A file deletion vulnerability exists in Discuz! DiscuzX version 3.4, which can be exploited by a remote attacker to delete the commonmemberwechatmp data structure by sending an ac=unbindmp request to the plugin.php page when WeChat login is enabled...
ManageEngine ServiceDesk Plus Detection
The remote web server hosts ManageEngine ServiceDesk Plus, a web-based help desk management application written in Java. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(55444); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/15...