9 matches found
CVE-2025-70866
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...
CVE-2025-70866
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...
CVE-2025-70866
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...
CVE-2025-70866
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...
CVE-2025-70866
CVE-2025-70866 — LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low privileges (User role) can directly access the admin backend via /admin/login because the admin and user authentication guards share the same user provider without role-based access cont...
CVE-2025-70866
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...
GHSA-7MX2-7Q8P-PGMW Symfony may allow a user to switch to using another user's identity
Symfony 2.0.6 has just been released. It addresses a security vulnerability in the EntityUserProvider as provided in the Doctrine bridge. If you let your users update their login/username from a form, and if you are using Doctrine as a user provider, then you are vulnerable and you should upgrade...
Default credentials
Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and...
CVE-2017-14775
CVE-2017-14775 affects Laravel before 5.5.10. The vulnerability arises because the remember_me token verification is mishandled: the DatabaseUserProvider does not use constant-time token comparison, enabling potential timing-based leakage. Affected software: Laravel (PHP framework) prior to 5.5.1...