Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login security project login security vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2013-2198
The Login Security module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3 for Drupal allows malicious users to bypass intended restrictions via a crafted username.
Login Security Project Login Security
Login Security Project Login Security 6.x-1.0
Login Security Project Login Security 6.x-1.x
Login Security Project Login Security 7.x-1.x
5.8
CVSSv2
CVE-2021-32618
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects aft...
Flask-security Project Flask-security
1 Github repository
NA
CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows malicious users to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Flask-security-too Project Flask-security-too
1 Github repository
4.3
CVSSv2
CVE-2021-21241
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before ver...
Flask-security-too Project Flask-security-too
5.8
CVSSv2
CVE-2022-25896
This affects the package passport prior to 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.
Passport Project Passport
4.3
CVSSv2
CVE-2013-6452
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via crafted XSL in an SVG file.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
7.5
CVSSv2
CVE-2013-6453
MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 does not properly sanitize SVG files, which allows remote malicious users to have unspecified impact via invalid XML.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki
4.3
CVSSv2
CVE-2013-6454
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via a -o-link attribute.
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
5
CVSSv2
CVE-2013-6472
MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
4.3
CVSSv2
CVE-2019-10214
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne...
Buildah Project Buildah -
Libpod Project Libpod -
Redhat Openshift Container Platform 4.1
Skopeo Project Skopeo -
Redhat Enterprise Linux 8.0
Opensuse Leap 15.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »