Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2015-9336
The clean-login plugin prior to 1.5.1 for WordPress has reflected XSS.
Codection Clean Login
NA
CVE-2023-37947
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.
Jenkins Openshift Login
NA
CVE-2022-46683
Jenkins Google Login Plugin 1.4 up to and including 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
Jenkins Google Login
NA
CVE-2023-2223
The Login rebuilder WordPress plugin prior to 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multis...
12net Login Rebuilder
668
VMScore
CVE-2007-4342
PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote malicious users to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: a third party disputes this vulnerability because of the special nature of the SERVE...
Phpcentral Login 1.0
NA
CVE-2023-22958
The Syracom Secure Login plugin prior to 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.
Syracom Secure Login
NA
CVE-2022-4838
The Clean Login WordPress plugin prior to 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used aga...
Codection Clean Login
481
VMScore
CVE-2014-5665
The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Mr384 Mzone Login 1.2.0
668
VMScore
CVE-2017-18573
The simple-login-log plugin prior to 1.1.2 for WordPress has SQL injection.
Simplerealtytheme Simple Login Log
NA
CVE-2022-3098
The Login Block IPs WordPress plugin up to and including 1.0.0 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Gunkastudios Login Block Ips
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »