Vulmon
login security vulnerabilities and exploits
NA
CVE-2023-32263
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability on...
Microfocus Dimensions Cm
NA
CVE-2023-37947
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.
Jenkins Openshift Login
NA
CVE-2023-37946
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and previous versions do not invalidate the previous session on login.
Jenkins Openshift Login
NA
CVE-2021-4425
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated malicious users...
Wpmudev Defender Security
NA
CVE-2023-20108
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote malicious user to cause a temporary service outage for all Cisco Unified CM IM&P us...
Cisco Unified Communications Manager Im And Presence Service 12.5(1)
Cisco Unified Communications Manager Im And Presence Service 14su
NA
CVE-2023-2533
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable a malicious user to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a cur...
Papercut Papercut Mf 22.0.10
Papercut Papercut Ng 22.0.10
NA
CVE-2023-34108
mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows a malicious user to manipulate internal Dovecot variables by using s...
Mailcow Mailcow Dockerized
NA
CVE-2023-32707
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by...
Splunk Splunk Cloud Platform
Splunk Splunk
3 Github repositories
NA
CVE-2023-20003
A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent malicious user to bypass social login authentication. This vulnerability is due to a logic error with the social lo...
Cisco Business 140ac Access Point Firmware
Cisco Business 141acm Firmware
Cisco Business 142acm Firmware
Cisco Business 143acm Firmware
Cisco Business 151axm Firmware 10.4.2
Cisco Business 145ac Access Point Firmware
Cisco Business 150ax Access Point Firmware 10.4.2
Cisco Business 240ac Access Point Firmware
NA
CVE-2023-31145
Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a...
Collabora Online