Lucene search
K

47 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:40 a.m.8 views

CVE-2024-31955

An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB Replay Protected Memory Block area without possessing secret information...

4.9CVSS7.5AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 a.m.13 views

CVE-2015-5298

The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...

6.5CVSS6.6AI score0.00641EPSS
Exploits0References1
Veracode
Veracode
added 2025/05/21 3:32 a.m.11 views

Signature Wrapping Attack

samlify is vulnerable to a Signature Wrapping attack. The vulnerability is due to improper validation of signed XML documents, allowing an attacker to forge a SAML Response and authenticate as any user...

9.9CVSS6.6AI score0.00458EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/13 9:38 a.m.9 views

CVE-2025-26390

A vulnerability has been identified in OZW672 All versions V6.0, OZW772 All versions V6.0. The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrato...

9.8CVSS9.9AI score0.00553EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/13 9:38 a.m.14 views

CVE-2025-26390

A vulnerability has been identified in OZW672 All versions V6.0, OZW772 All versions V6.0. The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrato...

9.8CVSS0.00553EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/05/06 4:51 p.m.17 views

ZITADEL Allows IdP Intent Token Reuse

Impact ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id and token can then be used to...

8CVSS6.9AI score0.00404EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/25 5:48 p.m.22 views

CVE-2025-23046 GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

6.3CVSS6.8AI score0.0042EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/25 5:48 p.m.26 views

CVE-2025-23046 GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

6.3CVSS0.0042EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.4 views

PT-2024-38439

Name of the Vulnerable Software and Affected Versions HashiCorp Vault Community Edition versions prior to 1.17.6 HashiCorp Vault Enterprise versions prior to 1.17.6, 1.16.10, and 1.15.15 Description The issue arises from the SSH secrets engine not requiring the valid principals list to contain a...

9.9CVSS7.8AI score0.97781EPSS
Exploits21References152
Debian CVE
Debian CVE
added 2024/09/05 12:0 a.m.21 views

CVE-2024-45159

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtlssslgetverifyresult would...

9.8CVSS5.5AI score0.00387EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/06/11 6:15 p.m.15 views

CVE-2024-28022

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account...

6.5CVSS6AI score0.00358EPSS
Exploits0References2
NVD
NVD
added 2023/12/22 5:15 p.m.27 views

CVE-2023-49792

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a reverse proxy is configured as truste...

9.8CVSS0.01041EPSS
Exploits0References3
Prion
Prion
added 2023/10/25 6:17 p.m.21 views

Design/Logic Flaw

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...

2.6CVSS5.6AI score0.0055EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/05/03 1:15 p.m.23 views

Input validation

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

5.8CVSS8.6AI score0.00332EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/03 12:33 p.m.32 views

CVE-2023-1385

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with...

7.1CVSS8.9AI score0.00332EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/18 3:23 p.m.7 views

CVE-2021-4314

It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesn’t have the APAR PH12143 applied. This issue affects: 1.16 versions to 1.19. What happens is that the...

5.5AI score0.00442EPSS
Exploits0References1
NVD
NVD
added 2022/07/07 7:15 p.m.27 views

CVE-2015-5298

The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...

6.5CVSS0.00641EPSS
Exploits0References2
exploitpack
exploitpack
added 2018/07/20 12:0 a.m.25 views

Touchpad Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass

Touchpad Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass Exploit Title: Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 - Unauthorized Authentication Reset Date: 2018-07-20 Software Link: https://world.trivum-shop.de Version: 2.56 build 13381 - 12-07-2018 Category: webapps...

7.5CVSS0.50601EPSS
Exploits3
NVD
NVD
added 2018/07/17 2:29 p.m.23 views

CVE-2018-13859

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" a successful...

9.8CVSS9.5AI score0.17871EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2018/01/09 12:0 a.m.20 views

Ubuntu 16.04 LTS : PySAML2 vulnerability (USN-3520-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3520-1 advisory. It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as a...

8.1CVSS7.1AI score0.0252EPSS
Exploits0References2
Rows per page
Query Builder