92 matches found
CVE-2026-1433
The CVE-2026-1433 issue affects uniFLOW Universal Login Manager (ULM) Standalone. An information disclosure vulnerability allows an authenticated administrator to access sensitive configuration data via the ULM Remote User Interface (RUI). The exposure can reveal SMTP/LDAP integration configurati...
CVE-2026-1433 uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure
uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...
EUVD-2026-41848
uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...
CVE-2026-25710
A flaw was found in plasma-login-manager. A compromised plasmalogin service account could exploit this vulnerability to change the ownership of arbitrary files on the system. This could lead to privilege escalation, allowing an attacker to gain unauthorized control over system files and potential...
[SECURITY] Fedora 44 Update: plasma-login-manager-6.6.4-1.fc44
Plasma Login provides a display manager for KDE Plasma and with an new frontend providing a greeter, wallpaper plugin integration and a System Settings module KCM...
cosmic-greeter 安全漏洞
Cosmic-Greeter is a login manager open source from Pop!OS. Cosmic-Greeter has a security vulnerability, which stems from privilege disposal or reduction errors, as well as race conditions. This could allow attackers to reacquire discarded privileges and exploit the competing check logic...
[SECURITY] Fedora 42 Update: greetd-0.10.3-6.fc42
greetd is a minimal and flexible login manager daemon that makes no assumptions about what you want to launch...
[SECURITY] Fedora 43 Update: greetd-0.10.3-6.fc43
greetd is a minimal and flexible login manager daemon that makes no assumptions about what you want to launch...
EUVD-2006-6799
Malware in sbrugna...
EUVD-2012-1204
Malware in sbrugna...
EUVD-2009-1751
Malware in sbrugna...
EUVD-2006-6798
Malware in sbrugna...
EUVD-2025-11809
Malicious code in bioql PyPI...
CVE-2025-54336
In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...
CVE-2025-54336
In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...
CVE-2025-54336
In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...
PT-2025-33731
Name of the Vulnerable Software and Affected Versions: Plesk Obsidian version 18.0.70 Description: The isAdminPasswordValid function in Plesk Obsidian uses a weak comparison == which allows an attacker to bypass the administrator password if the correct password is in the format "0e" followed by...
CVE-2025-2613
The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes...
CVE-2025-2613
The CVE-2025-2613 entry concerns the WordPress plugin Login Manager – Design Login Page, View Login Activity, Limit Login Attempts, with Stored XSS in the Custom logo and background URLs, affecting all versions up to 2.0.5. The root cause is insufficient input sanitization and output escaping, en...
CVE-2025-2613 Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL
The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes...