14 matches found
CVE-2026-25574
Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference (IDOR) vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...
CVE-2026-25574
Payload CMS prior to 3.74.0 is affected by a cross-collection IDOR in the payload-preferences internal collection. In multi-auth environments using Postgres or SQLite with default serial/auto-increment IDs, authenticated users from one auth collection can read and delete preferences belonging to ...
CVE-2026-25574 Payload Affected by Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments)
Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference (IDOR) vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...
Authorization Bypass Through User-Controlled Key
Overview: payload is a Node, React and MongoDB Headless CMS and Application Framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the auth collections in multi-auth collection environments using Postgres or SQLite with serial or...
payload-preferences has Cross-Collection IDOR in Access Control (Multi-Auth Environments)
Impact: A cross-collection Insecure Direct Object Reference (IDOR) vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default serial/auto-increment IDs, authenticated users from one auth collection can read and...
GHSA-JQ29-R496-R955 payload-preferences has Cross-Collection IDOR in Access Control (Multi-Auth Environments)
Impact: A cross-collection Insecure Direct Object Reference (IDOR) vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default serial/auto-increment IDs, authenticated users from one auth collection can read and...
EUVD-2018-0986
Malware in sbrugna...
Security Advisory 0103
Security Advisory 0103. Date: July 23, 2024. Revision 1.0 (July 23, 2024): Initial release. The CVE-ID tracking this issue: CVE-2024-6858. CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Common Weakness Enumeration: CWE-287 Improper...
Cisco IOS Software 802.1x Multiple-Authentication Port Authentication Bypass (cisco-sa-20180328-dot1x)
According to its self-reported version, Cisco IOS is affected by an authentication bypass vulnerability in the 802.1x multiple-authentication (multi-auth) feature due to a logic change error introduced into the code. An unauthenticated, adjacent attacker could exploit this by trying to access an...
Cisco Ios Improper Authentication
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker...
CVE-2018-0163
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker...
Authentication flaw
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker...
CVE-2018-0163
The CVE-2018-0163 issue affects Cisco IOS Software’s 802.1x multiple-authentication (multi-auth) feature. A logic-change error in the code allows an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port after a successful supplicant has authenticated, ...
Cisco IOS Software 802.1x Multiple-Authentication Port Authentication Bypass Vulnerability
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker...