CVE-2026-25710

A flaw was found in plasma-login-manager. A compromised plasmalogin service account could exploit this vulnerability to change the ownership of arbitrary files on the system. This could lead to privilege escalation, allowing an attacker to gain unauthorized control over system files and potential...

[SECURITY] Fedora 44 Update: plasma-login-manager-6.6.4-1.fc44

Plasma Login provides a display manager for KDE Plasma and with an new frontend providing a greeter, wallpaper plugin integration and a System Settings module KCM...

cosmic-greeter 安全漏洞

Cosmic-Greeter is a login manager open source from Pop!OS. Cosmic-Greeter has a security vulnerability, which stems from privilege disposal or reduction errors, as well as race conditions. This could allow attackers to reacquire discarded privileges and exploit the competing check logic...

[SECURITY] Fedora 42 Update: greetd-0.10.3-6.fc42

greetd is a minimal and flexible login manager daemon that makes no assumptions about what you want to launch...

[SECURITY] Fedora 43 Update: greetd-0.10.3-6.fc43

greetd is a minimal and flexible login manager daemon that makes no assumptions about what you want to launch...

EUVD-2012-1204

Malware in sbrugna...

EUVD-2009-1751

Malware in sbrugna...

EUVD-2006-6799

Malware in sbrugna...

EUVD-2006-6798

Malware in sbrugna...

EUVD-2025-11809

Malicious code in bioql PyPI...

CVE-2025-54336

In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...

CVE-2025-54336

In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...

PT-2025-33731

Name of the Vulnerable Software and Affected Versions: Plesk Obsidian version 18.0.70 Description: The isAdminPasswordValid function in Plesk Obsidian uses a weak comparison == which allows an attacker to bypass the administrator password if the correct password is in the format "0e" followed by...

CVE-2025-54336

In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...

CVE-2025-2613

The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes...

CVE-2025-2613 Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL

The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes...

CVE-2025-2613

The CVE-2025-2613 entry concerns the WordPress plugin Login Manager – Design Login Page, View Login Activity, Limit Login Attempts, with Stored XSS in the Custom logo and background URLs, affecting all versions up to 2.0.5. The root cause is insufficient input sanitization and output escaping, en...

WordPress plugin Login Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2025-17250 · WordPress · The Login Manager – Design Login Page

Name of the Vulnerable Software and Affected Versions: The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is related to Stored Cross-Site Scripting via Custom logo and background URLs du...

WordPress Login Manager plugin <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Custom URL vulnerability discovered by Arshid KV in WordPress Plugin Login Manager versions = 2.0.5...