212 matches found

OSV
added 2025/05/14 6:5 p.m. · 4 views

DRUPAL-CONTRIB-2025-062

This module enables you to allow users to include a second authentication method in addition to password authentication. The module doesn't sufficiently prevent TFA from being bypassed when using the REST login routes. A new requirements check has been added to the status report so other...

4.8 CVSS · 7.1 AI score · 0.00267 EPSS
Exploits 1 · References 1

NVD
added 2025/05/07 6:15 p.m. · 5 views

CVE-2025-20151

A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from ...

4.3 CVSS · 0.00328 EPSS
Exploits 0 · References 1

GithubExploit
added 2025/04/13 2:55 p.m. · 560 views

Exploit for Code Injection in Ispconfig

CVE-2023-46818-Exploit This is my own exploit for CVE-2023-468...

7.2 CVSS · 7.8 AI score · 0.13894 EPSS
Exploits 14

Cvelist
added 2025/04/02 4:15 p.m. · 21 views

CVE-2025-20212

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must...

7.7 CVSS · 0.00655 EPSS
Exploits 0 · References 1

OSV
added 2025/03/17 9:7 p.m. · 1 views

USN-7354-1 djoser vulnerability

Diego Cebrián discovered that djoser did not properly handle user authentication. An attacker with valid credentials could possibly use this to bypass authentication checks, such as two-factor authentication, to gain unintended access...

7.1 CVSS · 5.8 AI score · 0.00547 EPSS
Exploits 0 · References 2

GithubExploit
added 2025/02/23 6:36 p.m. · 76 views

Exploit for CVE-2025-20029

CVE-2025-20029: Command Injection in TMSH CLI in F5 BIG-IP A...

8.8 CVSS · 8.9 AI score · 0.07844 EPSS
Exploits 2

NVD
added 2025/02/05 5:15 p.m. · 5 views

CVE-2025-20170

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this...

7.7 CVSS · 0.00724 EPSS
Exploits 0 · References 1

Cvelist
added 2025/02/05 4:39 p.m. · 15 views

CVE-2025-20174

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this...

7.7 CVSS · 0.00706 EPSS
Exploits 0 · References 1

Cvelist
added 2025/02/05 4:14 p.m. · 10 views

CVE-2025-20180 Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is...

4.8 CVSS · 0.00299 EPSS
Exploits 0 · References 1

Cisco
added 2025/02/05 4:0 p.m. · 11 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied...

4.8 CVSS · 5 AI score · 0.00299 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/04 11:38 p.m. · 3 views

CVE-2024-40872

There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component...

8.4 CVSS · 6.7 AI score · 0.00156 EPSS
Exploits 0

CVE
added 2025/01/17 4:44 p.m. · 44 views

CVE-2024-53683

CVE-2024-53683 affects the Ossur Mobile Logic Application. Hard-coded/valid credentials in a .js file and a static token found in the decompiled IPA could enable an attacker to disrupt normal use by altering translation files, compromising integrity. Public sources indicate vulnerable versions ex...

5.6 CVSS · 4.7 AI score · 0.00188 EPSS
Exploits 0 · References 1

OSV
added 2025/01/14 2:15 p.m. · 2 views

CVE-2024-47571

An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials...

9.8 CVSS · 5.8 AI score · 0.00876 EPSS
Exploits 0 · References 1

NVD
added 2025/01/14 2:15 p.m. · 11 views

CVE-2024-47571

An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials...

9.8 CVSS · 0.00876 EPSS
Exploits 0 · References 1

CVE
added 2025/01/14 2:10 p.m. · 76 views

CVE-2024-47571

Fortinet FortiManager 6.4.12–7.4.0 exposes a post-release reuse/session expiration issue where an operation on a resource after expiration or release can allow an attacker to gain improper access to FortiGate via valid credentials. Affected component is FortiManager CLI/session handling; root cau...

9.8 CVSS · 8.2 AI score · 0.00876 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/12/19 8:15 a.m. · 3 views

CVE-2020-12819

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode i...

7.5 CVSS · 6.4 AI score · 0.0077 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/12/04 12:0 a.m. · 10 views

Cisco NX-OS Improper Verification of Cryptographic Signature (CVE-2017-12331)

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit...

7.2 CVSS · 6.7 AI score · 0.00233 EPSS
Exploits 0 · References 7

OSV
added 2024/11/15 4:15 p.m. · 4 views

CVE-2022-20626

A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device. This vulnerability i...

5.4 CVSS · 6 AI score · 0.00436 EPSS
Exploits 0 · References 1

OSV
added 2024/10/23 5:15 p.m. · 3 views

CVE-2024-20268

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an unexpected reload of the device. This vulnerability is due to...

7.7 CVSS · 5.9 AI score · 0.00618 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/09/27 12:0 a.m. · 2 views

PT-2024-10189 · Fortinet · Fortimanager +1

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 6.4.12 through 7.4.0 Description: The issue is related to an operation on a resource after expiration or release, allowing an attacker to gain improper access to FortiGate via valid credentials. This is associat...

9.8 CVSS · 7.7 AI score · 0.00876 EPSS
Exploits 0 · References 7