
719 matches found

Positive Technologies
added 2025/11/03 12:0 a.m. | 6 views

PT-2025-44765

Name of the Vulnerable Software and Affected Versions: Raspberry Pi Imager version 1.9.6. Description: An issue exists in the OS customization feature of Raspberry Pi Imager. The 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to t...

CVSS 6.8 | AI score 6.3 | EPSS 0.00019
Exploits 0 | References 3
EUVD
added 2025/11/03 12:0 a.m. | 5 views

EUVD-2025-37486

An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user...

CVSS 6.8 | AI score 6.1 | EPSS 0.00019
Exploits 0 | References 2
RedhatCVE
added 2025/11/01 12:4 p.m. | 2 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4 | AI score 6.6 | EPSS 0.00012
Exploits 0 | References 1
RedhatCVE
added 2025/10/31 10:7 p.m. | 1 views

CVE-2024-13994

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

CVSS 9.8 | AI score 6.8 | EPSS 0.00091
Exploits 0 | References 1
EUVD
added 2025/10/31 9:2 a.m. | 4 views

EUVD-2025-37318

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4 | AI score 6.1 | EPSS 0.00012
Exploits 0 | References 3
AlpineLinux
added 2025/10/31 9:2 a.m. | 5 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4 | AI score 6.7 | EPSS 0.00012
Exploits 0
EUVD
added 2025/10/31 12:30 a.m. | 2 views

EUVD-2024-55057

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

CVSS 8.7 | AI score 6.3 | EPSS 0.00091
Exploits 0 | References 4
CNNVD
added 2025/10/31 12:0 a.m. | 1 views

Open-Xchange OX Dovecot Pro security vulnerability

Open-Xchange OX Dovecot Pro is a mail storage and delivery system from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX Dovecot Pro that stems from the passdb or userdb driver incorrectly caching all users with the same cache key when caching is enabled, causing subsequent...

CVSS 7.4 | AI score 6.4 | EPSS 0.00012
Exploits 0 | References 3
OSV
added 2025/10/30 10:15 p.m. | 0 views

CVE-2024-13994

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00091
Exploits 0 | References 3
NVD
added 2025/10/30 10:15 p.m. | 2 views

CVE-2024-13994

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

CVSS 9.8 | EPSS 0.00091
Exploits 0 | References 3
CVE
added 2025/10/30 9:29 p.m. | 6 views

CVE-2024-13994

Nagios XI versions prior to 2024R1.1.2 implement a missing authorization control when the 'Allow Insecure Logins' option is enabled. This allows a user to create valid login credentials for other users without proper authorization, leading to potential unauthorized account creation and privilege ...

CVSS 9.8 | AI score 6.4 | EPSS 0.00091
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/10/30 9:29 p.m. | 3 views

CVE-2024-13994 Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

CVSS 8.7 | EPSS 0.00091
Exploits 0 | References 3
Vulnrichment
added 2025/10/30 9:29 p.m. | 1 views

CVE-2024-13994 Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

CVSS 8.7 | AI score 6.4 | EPSS 0.00091
Exploits 0 | References 3
Wired Threat Level
added 2025/10/30 12:0 p.m. | 616 views

8 Best Password Managers (2025), Tested and Reviewed

Keep your logins locked down with our favorite password management apps for PC, Mac, Android, iPhone, and web browsers...

AI score 7.2
Exploits 0
Positive Technologies
added 2025/10/30 12:0 a.m. | 1 views

PT-2025-44497

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.1.2. Description: Nagios XI versions prior to 2024R1.1.2 have a flaw where authorization checks are absent when the 'Allow Insecure Logins' option is active. This allows any user to generate valid login...

CVSS 9.8 | AI score 6.3 | EPSS 0.00091
Exploits 0 | References 6
CNNVD
added 2025/10/30 12:0 a.m. | 1 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.1.2 that stems from a lack of...

CVSS 9.8 | AI score 6.6 | EPSS 0.00091
Exploits 0 | References 3
HackRead
added 2025/10/27 11:21 a.m. | 2 views

X to Retire Twitter.com, Users Must Re-Register Security Keys by Nov 10

X, formerly Twitter, is asking users with security keys to re-enroll by Nov 10 as it moves logins from twitter.com to x.com for continued 2FA access...

AI score 6.9
Exploits 0
OSV
added 2025/10/23 12:31 p.m. | 3 views

GHSA-M58F-9PVV-8MP2 Moodle vulnerable to brute-force password guesses

Moodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...

CVSS 7.5 | AI score 7.2 | EPSS 0.00088
Exploits 0 | References 6
EUVD
added 2025/10/21 6:30 p.m. | 0 views

EUVD-2025-35189

The incomplete verification mechanism in the AutoBizLine com.mysecondline.app 1.2.91 allows attackers to log in as other users and gain unauthorized access to their personal information...

CVSS 7.5 | AI score 6.4 | EPSS 0.00042
Exploits 0 | References 5
HackRead
added 2025/10/21 8:50 a.m. | 2 views

New Phishing Emails Pretend to Offer Jobs to Steal Facebook Logins

Sublime Security warns of a massive credential phishing scam using fake job offers from brands like KFC and Red Bull to steal Facebook login details. Don't fall for the trap...

AI score 7
Exploits 0