CVE-2019-25728 Care2x 2.7 Hospital Information System SQL Injection via ck_config

Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ckconfig cookie parameter. Attackers can inject malicious SQL through the ckconfig cookie in multiple endpoints including login.php, indexframe.php...

GHSA-MCWH-C9PG-XW43 Apache Kafka Deserialization of Untrusted Data vulnerability

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...

CVE-2025-27819 Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...

SUSE CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

CVE-2024-43685

Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

PT-2024-30612 · Microchip · Timeprovider 4100

Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 through 2.4.7 Description: The issue is related to improper authentication in the login modules of Microchip TimeProvider 4100, which allows session hijacking. Recommendations: For versions 1.0 through...

CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

Denial of service

An uncontrolled resource consumption denial of service vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via...

JBoss: allows empty password to authenticate against LDAP

The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...