1,725 Total Results
Displaying 41-50 of 1,725
Attacker Value
Unknown
CVE-2025-24894
Disclosure Date: February 18, 2025 (last updated February 19, 2025)
SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard, which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Service Provider; in essence, it is responsible for the management of the credentials and identity of users; Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user, and receives SAML assertions from the IdP to grant access to resources. The validation logic of the signature is central, as it ensures that you cannot create a SAML response with arbitrary assertions and then impersonate other users. There is no guarantee that the first signature refers to the root object; it follows that if an attacker injects an item signed as the first element, all other signatures will not be verified. The only requirement is to have an XML eleme…
0
Attacker Value
Unknown
CVE-2024-13689
Disclosure Date: February 18, 2025 (last updated February 19, 2025)
The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
0
Attacker Value
Unknown
CVE-2024-32037
Disclosure Date: February 11, 2025 (last updated February 12, 2025)
GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available.
0
Attacker Value
Unknown
CVE-2025-21376
Disclosure Date: February 11, 2025 (last updated February 12, 2025)
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
0
Attacker Value
Unknown
CVE-2025-21375
Disclosure Date: February 11, 2025 (last updated February 12, 2025)
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
0
Attacker Value
Unknown
CVE-2025-21373
Disclosure Date: February 11, 2025 (last updated February 12, 2025)
Windows Installer Elevation of Privilege Vulnerability
0
Attacker Value
Unknown
CVE-2025-21371
Disclosure Date: February 11, 2025 (last updated February 12, 2025)
Windows Telephony Service Remote Code Execution Vulnerability
0
Attacker Value
Unknown
CVE-2025-21369
Disclosure Date: February 11, 2025 (last updated February 12, 2025)
Microsoft Digest Authentication Remote Code Execution Vulnerability
0
Attacker Value
Unknown
CVE-2025-21368
Disclosure Date: February 11, 2025 (last updated February 12, 2025)
Microsoft Digest Authentication Remote Code Execution Vulnerability
0
Attacker Value
Unknown
CVE-2025-21367
Disclosure Date: February 11, 2025 (last updated February 12, 2025)
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
0