11 matches found
CVE-2025-14386
The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2.4.4 to 2.5.12. This makes it...
CVE-2025-14386
The CVE-2025-14386 entry concerns the WordPress plugin “Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization” (versions 2.4.4–2.5.12). Connected sources confirm a missing capability check in generate_sso_url and validate_sso_token, enabling authentication...
PT-2025-46874
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions prior to 2.32.0 Description: The Mattermost Mobile Apps do not properly validate Single Sign-On (SSO) redirect tokens to ensure they come from a trusted server. This allows a malicious Mattermost instance or an...
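The check the PT-2025-46874 entry says is missing, as an added example that is not Mattermost code: a mobile client that only stores an SSO redirect token for the server the user actually configured. The deep-link shape (app://sso?server=...&token=...) and the configured server URL are assumptions.

```javascript
// Added example, not Mattermost code: bind an SSO redirect token to the
// configured server before it can become a session. Deep-link shape and
// server URL are assumptions.
const CONFIGURED_SERVER = 'https://chat.example.test';

function parseSsoRedirect(link) {
  const u = new URL(link);
  const server = u.searchParams.get('server');
  const token = u.searchParams.get('token');
  if (!server || !token) throw new Error('malformed SSO redirect');
  return { server, token };
}

// Same scheme and host, HTTPS only. Comparing the parsed host (not a string
// prefix) defeats "https://chat.example.test.evil.test" and
// "https://chat.example.test@evil.test".
function isConfiguredServer(server, configured = CONFIGURED_SERVER) {
  try {
    const a = new URL(server);
    const b = new URL(configured);
    return a.protocol === 'https:' && a.protocol === b.protocol && a.host === b.host;
  } catch {
    return false;
  }
}

// Vulnerable shape: whichever server the link names gets the session, so a
// malicious instance can hand the app a token it controls.
function acceptRedirectVulnerable(link) {
  const { server, token } = parseSsoRedirect(link);
  return { server, token };
}

// Hardened shape: drop the redirect unless it names the configured server;
// the session is then keyed to that server, never to the link's value.
function acceptRedirectHardened(link, configured = CONFIGURED_SERVER) {
  let parsed;
  try {
    parsed = parseSsoRedirect(link);
  } catch {
    return null;
  }
  if (!isConfiguredServer(parsed.server, configured)) return null;
  return { server: configured, token: parsed.token };
}
```

A client that already knows which server it is logging into has no reason to accept the server identity from the redirect; the hardened version treats the link's `server` value only as something to verify, never as something to trust.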
EUVD-2013-6541
Malware in sbrugna...
PT-2025-18697 · Kunbus · Kunbus Pictory
Name of the Vulnerable Software and Affected Versions: KUNBUS PiCtory versions 2.11.1 and earlier Description: The issue allows for cross-site scripting attacks via the sso_token used for authentication. If an attacker provides a user with a KUNBUS PiCtory URL containing an HTML script as an sso...
KUNBUS PiCtory security vulnerability
KUNBUS PiCtory is a graphical software tool from KUNBUS Corporation for configuring and managing the KUNBUS Revolution Pi industrial computer. A security vulnerability exists in KUNBUS PiCtory version 2.11.1 and earlier, which stems from an unescaped sso_token and could lead to a cross-site...
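The bug class in the two KUNBUS PiCtory entries (a URL-supplied sso_token reflected into the page unescaped), as an added example that is not PiCtory code: a vulnerable renderer beside a hardened one. The token alphabet, the form markup and the payload are constructed for the demo.

```javascript
// Added example, not PiCtory code: reflecting sso_token into HTML with and
// without escaping and input validation. Token alphabet is an assumption.
const SSO_TOKEN_RE = /^[A-Za-z0-9._-]{16,256}$/; // assumption: what a real token looks like

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
  ));
}

// Vulnerable shape: the token from the URL is copied straight into the
// login form, so a crafted link closes the attribute and injects a script.
function renderLoginVulnerable(ssoToken) {
  return `<input type="hidden" name="sso_token" value="${ssoToken}">`;
}

// Hardened shape: reject anything outside the token alphabet, and escape
// whatever is rendered anyway. Either control alone stops the script
// below; together they also keep junk out of the authentication path.
function renderLoginHardened(ssoToken) {
  if (!SSO_TOKEN_RE.test(ssoToken)) throw new Error('invalid sso_token');
  return `<input type="hidden" name="sso_token" value="${escapeHtml(ssoToken)}">`;
}

// How many tags did the renderer emit? The form has exactly one; anything
// more means the token broke out of the attribute.
function tagCount(html) {
  return (html.match(/</g) || []).length;
}

// Constructed payload of the kind the advisory describes.
const PAYLOAD = '"><script>alert(1)</script>';
```

`tagCount(renderLoginVulnerable(PAYLOAD))` is 3 (the input plus an opening and closing script tag), while the hardened renderer refuses the payload outright and, for a well-formed token, emits exactly one tag.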
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary: By combining two vulnerabilities in the Strapi framework (an open redirect and a session token sent as a URL query parameter), it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd-party tokens. The attack requires user interaction (one click). Impact...
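The chain in this advisory (an open redirect plus tokens carried in the query string), as an added example that is not Strapi code: a provider-callback handler in its vulnerable and hardened shapes, returning the HTTP response it would send. FRONTEND_ORIGIN and the cookie layout are assumptions.

```javascript
// Added example, not Strapi code: a 3rd-party provider callback that
// redirects the user back to the frontend. FRONTEND_ORIGIN is an assumption.
const FRONTEND_ORIGIN = 'https://app.example.test';

// Vulnerable shape: redirect to whatever ?redirectTo says, with the session
// JWT and the provider's access token appended to the URL. A victim who
// clicks a crafted link delivers both tokens to the attacker's origin.
function callbackVulnerable(redirectTo, jwt, providerToken) {
  const target = new URL(redirectTo, FRONTEND_ORIGIN);
  target.searchParams.set('access_token', providerToken);
  target.searchParams.set('jwt', jwt);
  return { status: 302, location: target.toString() };
}

// Hardened shape: the target must resolve to our own origin (this also
// rejects "//evil.test/x" and "javascript:" targets), the session travels
// in an HttpOnly cookie, and the provider token never leaves the server
// (it would be stored server-side, outside this snippet).
function callbackHardened(redirectTo, jwt, providerToken) {
  let target;
  try {
    target = new URL(redirectTo, FRONTEND_ORIGIN);
  } catch {
    return { status: 400, reason: 'unparseable redirectTo' };
  }
  if (target.origin !== FRONTEND_ORIGIN) {
    return { status: 400, reason: 'redirectTo is not on our origin' };
  }
  void providerToken; // deliberately not emitted: keep it server-side
  return {
    status: 302,
    location: target.toString(),
    setCookie: `session=${jwt}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
}
```

Two fixes are needed, not one: an origin check on `redirectTo` closes the open redirect, and moving the session out of the URL means that even a future redirect bug leaks no token. The provider token has no business reaching the browser at all.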
CVE-2022-43654
NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists with...
Security feature bypass
IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855...
CVE-2013-6739
IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855...
Cisco Unified Communications Manager 'CTIManager' Remote Command Execution (CSCum95491)
According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device has a flaw in the 'CTIManager' module that allows a remote, authenticated attacker to execute arbitrary commands with elevated privileges by using a specially crafted SSO token...