Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
identity vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-48654
One Identity Password Manager prior to 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape seque...
Oneidentity Password Manager
9.8
CVSSv3
CVE-2023-50164
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or gre...
Apache Struts
13 Github repositories
2 Articles
9.8
CVSSv3
CVE-2023-48228
authentik is an open-source identity provider. When initialising a oauth2 flow with a `code_challenge` and `code_method` (thus requesting PKCE), the single sign-on provider (authentik) must check if there is a matching and existing `code_verifier` during the token step. Prior to ...
Goauthentik Authentik
9.8
CVSSv3
CVE-2023-46249
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an malicious user to set the password of the default admin user without any authentication. authentik uses a bluep...
Goauthentik Authentik
9.8
CVSSv3
CVE-2023-37920
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subje...
Kennethreitz Certifi
3 Github repositories
9.8
CVSSv3
CVE-2022-48513
Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.
Huawei Emui 11.0.1
Huawei Emui 12.0.0
Huawei Harmonyos 3.0.0
Huawei Emui 12.0.1
Huawei Harmonyos 2.0.1
Huawei Harmonyos 3.1.0
Huawei Harmonyos 2.0.0
Huawei Emui 13.0.0
9.8
CVSSv3
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is...
Zohocorp Manageengine Adselfservice Plus 6.1
Zohocorp Manageengine Adselfservice Plus
2 Github repositories
9.8
CVSSv3
CVE-2023-33189
Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.
Pomerium Pomerium
Pomerium Pomerium 0.20.0
Pomerium Pomerium 0.18.0
9.8
CVSSv3
CVE-2023-25613
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby prior to 2.0.3.
Apache Identity Backend
9.8
CVSSv3
CVE-2022-42970
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, ...
Schneider-electric Apc Easy Ups Online Monitoring Software
Schneider-electric Easy Ups Online Monitoring Software
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »