Windows Registry Active Setup Persistence
This module will register a payload to run via the Active Setup mechanism in Windows. Active Setup is a Windows feature that runs once per user at login. It triggers in a user context, losing privileges from admin to user. Active Setup will open a popup box with "Personalized Settings" and the te...
CVE-2025-13982
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery. This issue affects Login Time Restriction: from 0.0.0 before 1.0.3...
CVE-2025-13982 Login Time Restriction - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-120
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery. This issue affects Login Time Restriction: from 0.0.0 before 1.0.3...
EUVD-2025-206439
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery. This issue affects Login Time Restriction: from 0.0.0 before 1.0.3...
CVE-2025-13982
CVE-2025-13982 describes a CSRF vulnerability in the Drupal Login Time Restriction module. Affected are versions prior to 1.0.3, where the module does not sufficiently protect its confirmation/logout routes from CSRF. Impact: an attacker could perform actions on behalf of authenticated users. Rem...
SUSE CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
CVE-2025-68943
A flaw was found in Gitea. This vulnerability allows for the inadvertent disclosure of users' login times. A remote attacker can exploit this by utilizing the lastlogintime explore/users sort order, leading to the exposure of sensitive user activity information. Mitigation Mitigation for this iss...
Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
CVE-2025-68943
Summary: Gitea before 1.21.8 exposes users’ login times by the lastlogintime sort on the Explore/Users page. Affected: Gitea (code.gitea.io/gitea) prior to 1.21.8, including related models/routers. Root cause: sorting logic allows inadvertent disclosure of login timestamps. Impact: disclosure of ...
CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
Gitea Security Vulnerability
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.21.8, which stems from allowing user login times to be exposed via lastlogintime sorting...
EUVD-2025-28011
Malicious code in bioql PyPI...
EUVD-2025-26299
Malicious code in bioql PyPI...
CVE-2025-43754
CVE-2025-43754 describes a timing-based username-enumeration flaw in Liferay Portal/DXP. Affected: Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2024.Qx.0–2024.Qx.7, various 2024 Q releases, and 7.4 GA through update 92. Root cause: differences in server processing time during login requests dis...
LVDA 2402 | Ubuntu VDAs taking a long time (2-3min) to login
Customer is experiencing unusually slow logon when launching a published desktop hosted on Ubuntu. It typically takes about 2 to 3 minutes to log in...
CVE-2024-10318 NGINX OpenID Connect Vulnerability
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they...
CVE-2024-7341
CVE-2024-7341 describes a session fixation flaw in Keycloak’s SAML adapters (Elytron SAML) where the session ID and JSESSIONID cookie are not rotated on login, even with turnOffChangeSessionIdOnLogin enabled. This allows an attacker who hijacks the current session before authentication to trigger...
WordPress Plugin Defender Security Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...