188 matches found
CVE-2020-36948
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative...
CVE-2020-36948
CVE-2020-36948 concerns VestaCP 0.9.8-26, where the LoginAs module contains a session token vulnerability due to insufficient token validation . This allows remote attackers to manipulate authentication tokens, enabling access to user accounts and performing unauthorized login requests without pr...
NervesHub security feature vulnerability
NervesHub is a software developed under open source by NervesHub for managing firmware updates of Nerves devices. Versions of NervesHub from 1.0.0 to 2.3.0 had security vulnerabilities. These vulnerabilities stemmed from the predictable and non-encrypted token format, which could lead to...
CVE-2023-40343
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...
CVE-2017-18179
Progress Sitefinity 9.1 uses wrapaccesstoken as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1...
Plex media server 安全漏洞
Plex media server is a media player from Plex. A security vulnerability exists in Plex media server version 1.42.2.10156 and earlier, which stems from the ability to access /myplex/account using a device token that is not properly aligned with whether or not the device currently has an account...
CVE-2025-15117
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...
CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
EUVD-2018-4050
Malware in sbrugna...
EUVD-2020-4160
Malware in sbrugna...
EUVD-2018-5587
Malware in sbrugna...
EUVD-2021-24190
Malware in sbrugna...
EUVD-2018-5591
Malware in sbrugna...
EUVD-2018-5522
Malware in sbrugna...
EUVD-2021-23493
Malware in sbrugna...
EUVD-2018-5477
Malware in sbrugna...
EUVD-2018-5116
Malware in sbrugna...
EUVD-2018-6011
Malware in sbrugna...
EUVD-2018-10381
Malware in sbrugna...