JetBrains TeamCity <= 2025.11.4 Privilege Escalation (CVE-2026-44413)

The version of JetBrains TeamCity installed on the remote host is 2025.11.4 or prior. It is, therefore, affected by a post-authentication privilege escalation vulnerability that may allow any authenticated user, including standard or guest accounts, to expose some parts of the TeamCity server API...

EUVD-2026-23519

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

DEBIAN-CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

CVE-2024-48705

Wavlink AC1200 with firmware versions M32A3V1410230602 and M32A3V1410240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "setsysadm" function of the "adm.cgi" binary, and is due to improper santization ...

VulnCheck KEV: CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...

CVE-2025-49218

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute...

Fedora 42 : roundcubemail (2025-70701de9de)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-70701de9de advisory. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix Post-Auth RCE...

FreeBSD : Post-Auth Remote Code Execution found in Roundcube Webmail (0d6094a2-4095-11f0-8c92-00d861a0e66d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0d6094a2-4095-11f0-8c92-00d861a0e66d advisory. Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v Tenable...

Post-Auth Remote Code Execution found in Roundcube Webmail

Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v...

CVE-2022-3711

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA...

CVE-2022-3696

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA...

PT-2024-9755

Name of the Vulnerable Software and Affected Versions Sophos Firewall versions prior to 21.0 MR1 21.0.1 Description A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely. The issue is related to incorrect code generation management. This...

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...

CVE-2024-45887

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...

GO-2024-3228 Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder

Coder vulnerable to post-auth URL redirection to untrusted site 'Open Redirect' in github.com/coder/coder...

Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal", 'Description' = %q This module exploits a directory...

Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rkelly' class MetasploitModule 'Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal', 'Description' = %q This module exploits a...

Pulse Secure VPN Arbitrary File Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN Arbitrary File Disclosure', 'Description' = %q This module exploits a pre-auth directory traversal in the Pulse Secure VPN serve...

CVE-2023-26315

The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device...