Lucene search

52 matches found

Vulnrichment
added 2026/01/20 1:2 a.m. · 4 views

CVE-2026-1203 CRMEB JSON Token LoginServices.php remoteRegister improper authentication

A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...

6.3 CVSS · 4.8 AI score · 0.00703 EPSS
Exploits: 1 · References: 4

CVE
added 2026/01/20 1:2 a.m. · 22 views

CVE-2026-1203

CVE-2026-1203 affects CRMEB up to version 5.6.3. The vulnerability resides in the function remoteRegister in crmeb/app/services/user/LoginServices.php of the JSON Token Handler. Manipulating the argument uid can lead to improper authentication, with the attack possible remotely and reportedly of...

8.1 CVSS · 4.8 AI score · 0.00703 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

RedhatCVE
added 2026/01/09 9:17 a.m. · 3 views

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...

7.4 CVSS · 7.2 AI score · 0.00518 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2013-1093

Malware in sbrugna...

5.5 CVSS · 5.5 AI score · 0.00187 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2012-0982

Malware in sbrugna...

2.1 CVSS · 6.1 AI score · 0.00395 EPSS
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-2569

Malicious code in bioql PyPI...

4.3 CVSS · 6.2 AI score · 0.00753 EPSS
Exploits: 1 · References: 8

NVD
added 2025/09/22 6:15 p.m. · 4 views

CVE-2025-57437

The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: - Model, version, and unique identifiers - Network settings including IP, MAC,...

9.8 CVSS · 0.00486 EPSS
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-41900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty...

4.3 CVSS · 6.8 AI score · 0.00753 EPSS
Exploits: 1 · References: 2

CNNVD
added 2025/08/13 12:0 a.m. · 2 views

KuWFi GC111 Security Vulnerability

KuWFi GC111 is a WiFi router from KuWFi China. A security vulnerability exists in KuWFi GC111 GC111-GL-LM321V3.020191211, which stems from TELNET service being enabled by default and unauthenticated...

9.8 CVSS · 6.8 AI score · 0.0046 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/22 5:36 p.m. · 6 views

CVE-2020-9495

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users...

5.3 CVSS · 7.1 AI score · 0.08004 EPSS
Exploits: 1 · References: 1

CNVD
added 2025/02/26 12:0 a.m. · 7 views

Siemens Teamcenter Redirection Vulnerability

Teamcenter software is an adaptable, modern Product Lifecycle Management (PLM) system that connects people and processes across functional silos through digital threads to enable innovation. A redirection vulnerability exists in the Siemens Teamcenter SSO login service, which can be exploited by an...

7.4 CVSS · 6.6 AI score · 0.00518 EPSS
Exploits: 0 · References: 1

CVE
added 2025/02/11 10:29 a.m. · 64 views

CVE-2025-23363

Summary (CVE-2025-23363): Siemens Teamcenter V14.x products disclose an open-redirect issue in the SSO login service. The SSO accepts user-controlled input that can specify an external URL, enabling an attacker to lure a legitimate user into clicking a crafted link that redirects to a malicious s...

7.4 CVSS · 7.3 AI score · 0.00518 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/02/11 10:29 a.m. · 4 views

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...

7.4 CVSS · 0.00518 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/11/14 12:0 a.m. · 4 views

Apereo CAS Authorization Issue Vulnerability

Apereo CAS is a web-based enterprise multilingual single sign-on solution from Apereo Open Source. An authorization issue vulnerability exists in Apereo CAS version 6.6, which stems from the /login?service page in the 2FA component containing an improper authentication issue...

9.8 CVSS · 6.7 AI score · 0.00603 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/08/26 12:0 a.m. · 3 views

PT-2024-6512 · Totolink · Totolink T10 Ac1200

Name of the Vulnerable Software and Affected Versions: TOTOLINK T10 AC1200 version 4.1.8cu.5207 Description: The issue is related to the use of hard-coded credentials in the file /squashfs-root/web cste/cgi-bin/product.ini of the Telnet Service component. This allows a remote attacker to gain...

10 CVSS · 9.6 AI score · 0.01666 EPSS
Exploits: 1 · References: 15

VulnCheck KEV
added 2024/05/09 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2024-0799

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin...

9.8 CVSS · 7.4 AI score · 0.04342 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/03/13 12:0 a.m. · 3 views

Arcserve Unified Data Protection Security Vulnerability

Arcserve Unified Data Protection is Arcserve's all-in-one data and ransomware protection solution. A security vulnerability exists in Arcserve Unified Data Protection versions 9.2 and 8.1, which originates in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server. An authentication...

9.8 CVSS · 7 AI score · 0.04342 EPSS
Exploits: 1 · References: 2

RedHat Linux
added 2023/11/15 5:7 p.m. · 2 views

jetty: OpenId Revoked authentication allows one request

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...

4.3 CVSS · 7.1 AI score · 0.00753 EPSS
Exploits: 1 · References: 4

OSV
added 2023/10/03 12:15 p.m. · 2 views

CVE-2023-4102

QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application...

8.8 CVSS · 5.8 AI score · 0.00584 EPSS
Exploits: 0 · References: 1

OSV
added 2023/09/15 9:15 p.m. · 1 views

DEBIAN-CVE-2023-41900

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...

4.3 CVSS · 6.4 AI score · 0.00753 EPSS
Exploits: 1 · References: 1