16 matches found
CVE-2026-25574 Payload Affected by Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments)
Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference (IDOR) vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...
CVE-2026-25574 Payload Affected by Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments)
Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference (IDOR) vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...
Payload Security Vulnerability
Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.74.0 have a security vulnerability. This vulnerability stems from an insecure direct object reference within the payload-preferences collection. In environments...
PT-2026-6651
Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.74.0. Description: Payload is a headless content management system. A cross-collection Insecure Direct Object Reference (IDOR) exists in the payload-preferences internal collection. In multi-auth collection environments...
EUVD-2012-2348
Malware in sbrugna...
Cisco IOS Software Authentication Bypass Vulnerability
Cisco IOS Software is a set of operating systems developed by Cisco for its network devices. An authentication bypass vulnerability exists in the 802.1x multiple-authentication (multi-auth) feature in Cisco IOS Software. An attacker can exploit this vulnerability by accessing the 802.1x...
CVE-2018-0163
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker...
CVE-2018-0163
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker...
Mail.Ru to enter the West under the my.com brand
Russian internet company Mail.Ru Group will use the name my.com for its global development, according to a press release. CEO Dmitry Grishin explained that more than 90 percent of Russian internet users currently use Mail.Ru Group services. The company also...
CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/casform.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network...
Authentication flaw
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/casform.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network...
CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/casform.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network...
UBUNTU-CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/casform.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network...
CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/casform.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network...
CVE-2012-2357
CVE-2012-2357 affects Moodle 2.1.x (before 2.1.6) and 2.2.x (before 2.2.3). The issue is in the Multi-Authentication CAS feature (auth/cas/cas_form.html) that does not use HTTPS, enabling credential sniffing over the network by remote attackers. The root cause is unauthenticated, unencrypted tran...
PT-2012-3978 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 2.1.x through 2.1.5; Moodle versions 2.2.x through 2.2.2. Description: The issue concerns the Multi-Authentication feature in the Central Authentication Service (CAS) functionality. It does not utilize HTTPS, allowing remote...