Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login security vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-11711
An issue exists in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It i...
Stormshield Stormshield Network Security
6.5
CVSSv3
CVE-2023-20168
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local malicious user to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication ...
Cisco Nx-os 9.3\\(11\\)
Cisco Nx-os 10.2\\(5\\)
Cisco Nx-os -
4.3
CVSSv3
CVE-2023-39343
Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version ...
Sulu Sulu
5.7
CVSSv3
CVE-2023-32263
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability on...
Microfocus Dimensions Cm
8.8
CVSSv3
CVE-2023-37946
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and previous versions does not invalidate the previous session on login.
Jenkins Openshift Login
6.1
CVSSv3
CVE-2023-37947
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.
Jenkins Openshift Login
4.3
CVSSv3
CVE-2021-4425
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated malicious users...
Wpmudev Defender Security
7.5
CVSSv3
CVE-2023-20108
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote malicious user to cause a temporary service outage for all Cisco Unified CM IM&P us...
Cisco Unified Communications Manager Im And Presence Service 12.5\\(1\\)
Cisco Unified Communications Manager Im And Presence Service 14su
8.8
CVSSv3
CVE-2023-2533
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an malicious user to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a cur...
Papercut Papercut Mf 22.0.10
Papercut Papercut Ng 22.0.10
8.8
CVSSv3
CVE-2023-34108
mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an malicious user to manipulate internal Dovecot variables by using s...
Mailcow Mailcow\\ Dockerized
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »