462 matches found
CVE-2025-44898
CVE-2025-44898 affects PLANET FW-WGS-804HPT firmware version 1.305b241111. A stack overflow is triggered by the theauthName parameter in the web_aaa_loginAuthlistEdit function, with potential full impact on confidentiality, integrity, and availability (CVSS 3.1: 9.8 CRITICAL). Documented sources do n...
CVE-2025-44898
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the web_aaa_loginAuthlistEdit function...
CVE-2025-22375 Authentication Bypass in CyberAudit-Web
An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instanc...
About the security content of Safari 18.4
About the security content of Safari 18.4 This document describes the security content of Safari 18.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Apple iOS and Apple iPadOS Security Vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and Apple iPadOS that originates from a malicious website that...
Ivanti Connect Secure HTTP Scanner
This module will perform authentication scanning against Ivanti Connect Secure. Module Options msf use auxiliary/scanner/ivanti/ivantilogin msf auxiliaryivantilogin show actions ...actions... msf auxiliaryivantilogin set ACTION msf auxiliaryivantilogin show options ...show and set options... msf...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada Inc. that provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and earlier, which stems from a missing password mask in the web-based SSH...
CVE-2024-7585
A vulnerability has been found in Tenda i22 1.0.0.34687 and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launche...
Drupal Security Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Basic HTTP Authentication versions 7.X-1.0 through 7.X-1.4, which stems from the inclusion of an authorization error vulnerability...
CVE-2024-51114
An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/webauth/customizable.php file...
Moodle Authorization Issues Vulnerability (CNVD-2024-46247)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from the need to perform additional checks to ensure that ...
Moodle Authorization Issues Vulnerability (CNVD-2024-46249)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from the need to perform additional checks to ensure that...
OESA-2024-2459 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting...
IBM Security SOAR Authorization Issues Vulnerability
IBM Security SOAR is a product from International Business Machines (IBM), formerly known as Resilient, designed to help your security team confidently respond to cyber threats, automate through intelligence, and collaborate through consistency. IBM Security SOAR has an authorization issue...
Fedora 41 : chromium (2024-3a6f9ab958)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a6f9ab958 advisory. Update to 130.0.6723.58 High CVE-2024-9954: Use after free in AI Medium CVE-2024-9955: Use after free in Web Authentication Medium CVE-2024-9956:...
REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers
Overview FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial factory default configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server GUI or Web...
CVE-2024-47406
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability...
Fedora: Security Advisory (FEDORA-2024-c0b1d26de3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-4d80983af6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the application programming interface WebAuthn in browsers Google Chrome and Microsoft Edge allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Application Programming Interface WebAuthn of Google Chrome and Microsoft Edge browsers is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...