24 matches found
EUVD-2026-14654
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...
EUVD-2021-21238
Malware in sbrugna...
BIT-MOODLE-2024-38277 moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
Moodle 4.3.x < 4.3.5 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...
Moodle 4.1.x < 4.1.11 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...
Moodle 4.4.x < 4.4.1 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...
Moodle 4.2.x < 4.2.8 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the use of the same key for a user's QR code login key and automatic login k...
PT-2024-27916 · Alt Linux · Alt Linux
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns the generation of unique keys for QR login and auto-login. Currently, the same key can be used interchangeably between the two, which is insecure. A unique key...
CVE-2023-42147
An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component...
CloudExplorer Lite Security Vulnerability
CloudExplorer Lite is CloudExplorer's platform that provides out-of-the-box basic functionality for cloud hosting management, cloud billing, operational analytics, and security compliance, as well as powerful extensibility to meet the customization needs of enterprises. A security vulnerability...
PT-2023-28283 · Unknown · Cloudexplorer Lite
Name of the Vulnerable Software and Affected Versions: CloudExplorer Lite version 1.3.1 Description: An issue in CloudExplorer Lite allows an attacker to obtain sensitive information via the login key component. Recommendations: For CloudExplorer Lite version 1.3.1, consider disabling the login k...
CVE-2023-42147
CVE-2023-42147 affects CloudExplorer Lite 1.3.1, with the vulnerable component described as the login key. The available documents state that an attacker can obtain sensitive information via this component, indicating a confidentiality impact (high) per CVSS 3.1 metrics. The root cause is not exp...
CVE-2021-34588
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...
Bender ebee Charge Controller Security Vulnerability
The ebee is a charge controller from Bender. A security vulnerability exists in the Bender ebee Charge Controller that stems from an unprotected data export. The backup export is protected by a random key. The key is set at user login. It is empty after a reboot. An attacker can exploit this...
CVE-2020-15319
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree...