Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login security vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-4537
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restricti...
Wpplugins Hide My Wp Ghost
NA
CVE-2023-1778
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote malicious user to login as superuser by using default username/password via web-based management interface and/or ...
Gajshield Data Security Firewall Firmware
NA
CVE-2023-2257
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and previous versions on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimple...
Devolutions Workspace
NA
CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user acc...
Rapid7 Insightvm
NA
CVE-2023-26047
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizo...
Kitabisa Teler-waf
NA
CVE-2023-26046
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an malicio...
Kitabisa Teler-waf
NA
CVE-2023-20012
A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the im...
Cisco Nexus 93180yc-fx3s Firmware -
Cisco Nexus 93180yc-fx3 Firmware -
Cisco Ucs Central Software
Cisco Ucs 6536 Firmware -
Cisco Ucs 64108 Firmware -
Cisco Ucs 6454 Firmware -
NA
CVE-2023-25570
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Mal...
Apolloconfig Apollo
NA
CVE-2023-25561
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an maliciou...
Datahub Project Datahub
NA
CVE-2023-25194
A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been ...
Apache Kafka Connect
6 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »