56 matches found

CNNVD
added 2025/10/16 12:00 a.m. · 2 views

Webmin security vulnerability

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.510 that stems from an unvalidated HTTP Host header in the password reset function, which could allow an attacker to...

CVSS 7.1 · AI score 6.7 · EPSS 0.00416
Exploits: 1 · References: 3
Cvelist
added 2025/10/16 12:00 a.m. · 8 views

CVE-2025-61541

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality forgotsend.cgi. The reset link sent to users is constructed using the HTTP Host header via getwebminemailurl. An attacker can manipulate the Host header to inject a malicious domain into the reset email. If ...

EPSS 0.00416
Exploits: 1 · References: 3
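The flaw described in the two Webmin entries above, shown as an added Python example (not Webmin's own Perl code): a reset link built from the client-controlled Host header, next to a builder that ignores the header and rejects requests whose Host is not on an allowlist. CANONICAL_BASE_URL, ALLOWED_HOSTS and the /password_reset path are assumptions made for the example.

```python
from urllib.parse import urlencode

# Constructed for this example: the address the operator configured at install
# time, and the Host values this server is willing to answer for (with and
# without the explicit port). Not taken from Webmin.
CANONICAL_BASE_URL = "https://admin.example.com:10000"
ALLOWED_HOSTS = {"admin.example.com", "admin.example.com:10000"}
RESET_PATH = "/password_reset"  # hypothetical landing script, not Webmin's


def vulnerable_reset_url(headers: dict, token: str) -> str:
    """Flawed pattern from the advisory: the client-controlled Host header
    becomes the origin of the link that is mailed to the victim."""
    host = headers.get("Host", "localhost")
    scheme = "https" if headers.get("X-Forwarded-Proto") == "https" else "http"
    return f"{scheme}://{host}{RESET_PATH}?{urlencode({'token': token})}"


def is_allowed_host(host: str) -> bool:
    """Exact-match allowlist (case-insensitive, as DNS names are): no prefix,
    suffix or 'ends with our domain' matching."""
    return host.lower() in ALLOWED_HOSTS


def hardened_reset_url(headers: dict, token: str) -> str:
    """Two independent defences: refuse the request outright when Host is not
    on the allowlist (do not send mail at all), and build the link from the
    configured base URL rather than from anything in the request."""
    host = headers.get("Host", "")
    if not is_allowed_host(host):
        raise ValueError(f"refusing password reset for unexpected Host {host!r}")
    return f"{CANONICAL_BASE_URL}{RESET_PATH}?{urlencode({'token': token})}"


def reset_email_body(headers: dict, token: str, builder=hardened_reset_url) -> str:
    """The text that would be mailed. With the vulnerable builder the
    attacker's domain ends up in the victim's inbox; clicking it hands the
    reset token to the attacker's server."""
    return ("Someone requested a password reset for your account.\n"
            f"Open this link to continue: {builder(headers, token)}\n")


if __name__ == "__main__":
    # Constructed request: the attacker asks for a reset of the victim's
    # login while supplying a Host header pointing at a server they control.
    attacker_request = {"Host": "attacker.example", "X-Forwarded-Proto": "https"}
    print(reset_email_body(attacker_request, "t0k3n", builder=vulnerable_reset_url))
    try:
        reset_email_body(attacker_request, "t0k3n")
    except ValueError as err:
        print("hardened:", err)
```

Reverse proxies complicate the allowlist: if a proxy rewrites Host, the value to check is whatever reaches the application, and X-Forwarded-Host must be treated as just as untrusted as Host. The second defence (never deriving the origin from the request at all) holds regardless of proxy layout.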
EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2025-25352

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 6.6 · EPSS 0.00135
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/22 5:32 p.m. · 4 views

CVE-2025-6180

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVSS 8.5 · AI score 6.6 · EPSS 0.00135
Exploits: 0 · References: 1
NVD
added 2025/08/20 5:15 p.m. · 15 views

CVE-2025-6180

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVSS 8.5 · EPSS 0.00135
Exploits: 0 · References: 1
CVE
added 2025/08/20 4:41 p.m. · 14 views

CVE-2025-6180

CVE-2025-6180 affects StrongDM Client. The issue is insufficient protection of a pre-authentication token, allowing interception and reuse via a race condition that could potentially redeem valid authentication credentials. The impact is described as token-level exposure with elevated risk to con...

CVSS 8.5 · AI score 6.7 · EPSS 0.00135
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/20 4:41 p.m. · 3 views

CVE-2025-6180 Authentication Hijack

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVSS 8.5 · AI score 7.3 · EPSS 0.00135
Exploits: 0 · References: 1
Cvelist
added 2025/08/20 4:41 p.m. · 7 views

CVE-2025-6180 Authentication Hijack

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition...

CVSS 8.5 · EPSS 0.00135
Exploits: 0 · References: 1
CNNVD
added 2025/08/20 12:00 a.m. · 2 views

StrongDM Client security vulnerability

StrongDM Client is client software from StrongDM, Inc. A security vulnerability exists in StrongDM Client that stems from insufficient protection of pre-authentication tokens, which could lead to interception and reuse of tokens...

CVSS 8.5 · AI score 6.6 · EPSS 0.00135
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/20 12:00 a.m. · 4 views

PT-2025-34123 · Strongdm · Strongdm Client

Name of the Vulnerable Software and Affected Versions: StrongDM Client, affected versions not specified
Description: The StrongDM Client did not adequately protect a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication...

CVSS 8.5 · AI score 6.3 · EPSS 0.00135
Exploits: 0 · References: 5
Github Security Blog
added 2025/07/18 12:30 p.m. · 9 views

Mattermost has Insufficiently Protected Credentials

Mattermost versions 10.5.x <= 10.5.7 and 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite, which allows a user that intercepts both the invite and the password to send synchronization payloads via the REST API to the server that originally created the invite...

CVSS 3.1 · AI score 7.2 · EPSS 0.00175
Exploits: 0 · References: 4 · Affected Software: 2
CVE
added 2025/07/18 11:39 a.m. · 27 views

CVE-2025-6227

Summary: CVE-2025-6227 affects Mattermost Server versions 10.5.x (<= 10.5.7) and 9.11.x (

CVSS 3.1 · AI score 6.7 · EPSS 0.00175
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/07/18 11:39 a.m. · 14 views

CVE-2025-6227 Invite token is used as part of the secure communication

Mattermost versions 10.5.x <= 10.5.7 and 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite, which allows a user that intercepts both the invite and the password to send synchronization payloads via the REST API to the server that originally created the invite...

CVSS 2.2 · EPSS 0.00175
Exploits: 0 · References: 1
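The defect named in the three Mattermost entries above (an invite token that keeps authorising sync traffic instead of being exchanged for a fresh secret on acceptance), as an added Python model that is not Mattermost's code. The SharedChannelServer class, its method names and the in-memory stores are assumptions made for the example.

```python
import secrets


class SharedChannelServer:
    """Minimal model of the server that issued the invite (constructed for
    this example). An invite token is a bootstrap credential: in the flawed
    design it keeps authorising sync payloads indefinitely; in the fixed
    design accepting the invite consumes it and negotiates a new secret that
    whoever intercepted the invite never saw."""

    def __init__(self) -> None:
        self._pending_invites = {}  # invite token -> remote name
        self._sessions = {}         # negotiated session token -> remote name

    def create_invite(self, remote_name: str) -> str:
        token = secrets.token_urlsafe(32)
        self._pending_invites[token] = remote_name
        return token

    # --- flawed behaviour ---------------------------------------------------
    def vulnerable_sync(self, token: str, _payload: dict) -> bool:
        """Accepts the invite token itself on every later sync call, so
        anyone who captured the invite can keep pushing payloads."""
        return token in self._pending_invites

    # --- fixed behaviour ----------------------------------------------------
    def accept_invite(self, token: str):
        """Single use: the invite is removed and replaced by a session token
        returned only to the party that accepted. A replayed invite gets
        nothing back."""
        remote = self._pending_invites.pop(token, None)
        if remote is None:
            return None
        session = secrets.token_urlsafe(32)
        self._sessions[session] = remote
        return session

    def hardened_sync(self, token: str, _payload: dict) -> bool:
        """Only the negotiated session token authorises sync payloads."""
        return token in self._sessions

    def revoke_remote(self, remote_name: str) -> int:
        """Operational follow-up after a suspected leak: drop every session
        for that remote. Returns how many were removed."""
        doomed = [s for s, r in self._sessions.items() if r == remote_name]
        for s in doomed:
            del self._sessions[s]
        return len(doomed)


if __name__ == "__main__":
    server = SharedChannelServer()
    invite = server.create_invite("remote-a")       # intercepted on the wire
    print("invite still valid for sync (flawed):", server.vulnerable_sync(invite, {}))
    session = server.accept_invite(invite)          # legitimate recipient
    print("replayed invite accepted:", server.accept_invite(invite) is not None)
    print("invite usable for sync (fixed):", server.hardened_sync(invite, {}))
    print("session usable for sync (fixed):", server.hardened_sync(session, {}))
```

Rotation does not help if the interceptor accepts the invite before the intended recipient does; that is why the invite should also be short-lived and why acceptance from an unexpected origin should be surfaced to the inviting administrator.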
Positive Technologies
added 2025/07/04 12:00 a.m. · 4 views

PT-2025-27847 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress version 2.8.4
Description: The issue is due to an insecure OAuth implementation, specifically the lack of validation of the redirect_uri parameter during the authorization flow. This allows unauthenticated...

CVSS 8 · AI score 6.6 · EPSS 0.00303
Exploits: 0 · References: 12
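The missing check from the entry above, as an added Python example that is not the plugin's code: an authorization endpoint that sends the code to whatever redirect_uri the request names, beside one that compares the parameter by exact string match with the client's registration (RFC 6749 section 3.1.2.2 and the OAuth 2.0 Security Best Current Practice). The client_id, callback URL and probe URLs are constructed for the example.

```python
import secrets
from urllib.parse import urlencode

# Constructed registry: hypothetical client_id and callback URL. Each client
# pre-registers the exact redirect URIs it may use.
REGISTERED_CLIENTS = {
    "ai-engine-demo": {"https://blog.example.com/ai-engine/callback"},
}


def _append_code(redirect_uri: str, state: str) -> str:
    code = secrets.token_urlsafe(24)
    sep = "&" if "?" in redirect_uri else "?"
    return f"{redirect_uri}{sep}{urlencode({'code': code, 'state': state})}"


def vulnerable_authorize(client_id: str, redirect_uri: str, state: str) -> str:
    """Models the flaw: redirect_uri is never compared with the registration,
    so the authorization code is delivered to any URL the request supplied."""
    return _append_code(redirect_uri, state)


def redirect_uri_is_registered(client_id: str, redirect_uri: str) -> bool:
    """Exact string comparison with the registered set: no prefix, suffix,
    host-only or scheme-agnostic matching, and no normalisation of the
    request value that an attacker could steer."""
    return redirect_uri in REGISTERED_CLIENTS.get(client_id, set())


def hardened_authorize(client_id: str, redirect_uri: str, state: str):
    """Returns the redirect target on success, or None when the URI is not
    registered. RFC 6749 section 4.1.2.1: never redirect the user agent to
    an unvalidated URI, not even to report the error."""
    if not redirect_uri_is_registered(client_id, redirect_uri):
        return None
    return _append_code(redirect_uri, state)


# Constructed attacker variants that a sloppy check (startswith, "same
# domain", ignore the query string) would wave through.
PROBES = [
    "https://attacker.example/collect",
    "https://blog.example.com.attacker.example/ai-engine/callback",
    "https://blog.example.com/ai-engine/callback/../open-redirect",
    "https://blog.example.com/ai-engine/callback?next=https://attacker.example",
    "http://blog.example.com/ai-engine/callback",
]


def probe_results(client_id: str = "ai-engine-demo") -> dict:
    """Which probes the exact-match check accepts (all should be False)."""
    return {uri: redirect_uri_is_registered(client_id, uri) for uri in PROBES}


if __name__ == "__main__":
    print("flawed:", vulnerable_authorize("ai-engine-demo", PROBES[0], "s1"))
    for uri, accepted in probe_results().items():
        print("accepted" if accepted else "rejected", uri)
```

If a client genuinely needs per-request data after the callback, carry it in `state` (bound to the user's session) rather than in a variable redirect_uri; that keeps the registered set small and exact.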
Veracode
added 2025/05/31 6:00 p.m. · 5 views

Improper Certificate Validation

redshift-connector is vulnerable to Improper Certificate Validation: the BrowserAzureOAuth2CredentialsProvider plugin skips SSL verification for the Identity Provider, allowing token interception...

CVSS 7 · AI score 6.7 · EPSS 0.00239
Exploits: 0 · References: 6 · Affected Software: 1
NVD
added 2025/05/27 9:15 p.m. · 10 views

CVE-2025-5279

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

CVSS 7 · EPSS 0.00239
Exploits: 0 · References: 3
OSV
added 2025/05/27 9:15 p.m. · 4 views

CVE-2025-5279

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

CVSS 7 · AI score 7
Exploits: 0 · References: 3
CVE
added 2025/05/27 8:17 p.m. · 189 views

CVE-2025-5279

CVE-2025-5279 : The issue affects the Amazon Redshift Python Connector when configured with the BrowserAzureOAuth2CredentialsProvider plugin, where the driver skips SSL certificate validation for the Identity Provider. This can allow an attacker to intercept the token exchange and retrieve an acc...

CVSS 7 · AI score 6.7 · EPSS 0.00239
Exploits: 0 · References: 3
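The weak setting behind the CVE-2025-5279 entries above (TLS to the Identity Provider with certificate validation switched off), as an added Python example using the standard library's ssl and http.client; it is not the Redshift connector's code. The weak context is shown beside a verifying one, with an audit function a practitioner can run against any SSLContext a driver hands them. The idp.example.com host name is a placeholder.

```python
import ssl
from http.client import HTTPSConnection


def insecure_idp_context() -> ssl.SSLContext:
    """The weak configuration the advisory describes, modelled here: hostname
    and certificate checks off, so any on-path host can present any
    certificate and impersonate the Identity Provider during the token
    exchange. (check_hostname must be cleared before verify_mode.)"""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_idp_context(cafile=None) -> ssl.SSLContext:
    """Fix: default verification against the system trust store (or a
    pinned CA bundle via cafile), hostname checking on, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Findings for a client context; empty means it verifies the peer."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED")
    if not ctx.check_hostname:
        findings.append("check_hostname is disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS below 1.2 permitted")
    return findings


def idp_connection(host: str, ctx: ssl.SSLContext) -> HTTPSConnection:
    """Build (without opening) the connection the token exchange would use,
    refusing any context that fails the audit."""
    problems = audit_context(ctx)
    if problems:
        raise ValueError("refusing insecure IdP connection: " + "; ".join(problems))
    return HTTPSConnection(host, 443, context=ctx, timeout=10)


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_idp_context()))
    print("hardened:", audit_context(hardened_idp_context()))
    conn = idp_connection("idp.example.com", hardened_idp_context())  # placeholder host
    print("would connect to", conn.host)
```

Drivers that accept a `verify`, `sslmode` or similar option often build the context internally; the audit function is useful precisely when you can get hold of that context (or reproduce the driver's construction) and want a test that fails the build when validation is off.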
CNNVD
added 2025/05/27 12:00 a.m. · 4 views

Amazon Redshift Python Connector security vulnerability

Amazon Redshift Python Connector is an Amazon Redshift connector for Python by Amazon.com, Inc. A security vulnerability exists in the Amazon Redshift Python Connector that stems from the BrowserAzureOAuth2CredentialsProvider plugin skipping SSL certificate validation, which could lead to...

CVSS 7 · AI score 6.4 · EPSS 0.00239
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 5:38 a.m. · 4 views

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated OAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users' accounts...

CVSS 7.5 · AI score 6.8 · EPSS 0.00995
Exploits: 0 · References: 1
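What "predictable for third parties" means in practice for the entry above, as an added Python example (not the affected product's code): an issuer that draws authorization codes from a non-cryptographic PRNG seeded with a guessable value, the attacker's seed search that recovers the generator state from a single code they obtained legitimately and predicts the next one, and the fix using the secrets module. The PredictableCodeIssuer class, the 16-character code format and the seed values are assumptions made for the example.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
CODE_LENGTH = 16


class PredictableCodeIssuer:
    """Models the flaw: authorization codes drawn from Python's Mersenne
    Twister seeded with something guessable such as the Unix time at start.
    Constructed for this example; not the affected product's code."""

    def __init__(self, seed: int) -> None:
        self._rng = random.Random(seed)

    def issue(self) -> str:
        return "".join(self._rng.choice(ALPHABET) for _ in range(CODE_LENGTH))


def _replay_code(rng: random.Random) -> str:
    return "".join(rng.choice(ALPHABET) for _ in range(CODE_LENGTH))


def predict_next_code(observed: str, approx_seed: int, window: int = 300,
                      max_issued: int = 10):
    """Attacker view: try every seed near the guess, replay the generator
    until it reproduces a code the attacker saw (their own, from a normal
    login), then emit the code that follows it, which is the one the next
    victim will receive. Returns None if no seed in the window fits."""
    for seed in range(approx_seed - window, approx_seed + window + 1):
        rng = random.Random(seed)
        for _ in range(max_issued):
            if _replay_code(rng) == observed:
                return _replay_code(rng)
    return None


def secure_code(nbytes: int = 32) -> str:
    """Fix: an OS-backed CSPRNG with 256 bits of entropy per code, so there
    is no seed to search and no state to replay."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    # Constructed scenario: service started at a known second; the attacker
    # knows it only to within a few minutes.
    issuer = PredictableCodeIssuer(seed=1_700_000_000)
    attacker_own_code = issuer.issue()
    predicted = predict_next_code(attacker_own_code, approx_seed=1_700_000_042)
    victim_code = issuer.issue()
    print("predicted", predicted, "actual", victim_code, "match:", predicted == victim_code)
    print("secure:", secure_code())
```

The seed search is the cheap attack; even with an unguessable seed, Mersenne Twister output is fully recoverable after observing 624 consecutive 32-bit outputs, so the only acceptable source for authorization codes, session identifiers and reset tokens is a CSPRNG.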