PT-2026-42361
Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...
EUVD-2026-28463
The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights a...
PT-2026-38589
Name of the Vulnerable Software and Affected Versions: Mendix Studio Pro versions prior to 11.8.0 Beta. Description: An authorization misconfiguration in the software allows unintended data exposure. Specifically, users with the anonymous user role in the MyFirstModule can gain access to all stored...
Note Mark: OIDC-registered users authenticated by submitting password "null"
Summary: IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt "null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication via the IsPasswordMatch function. An attacker can gain unauthorized access to accounts registered through OIDC by submitting the password "null" to the internal login endpoint, which results in a valid session...
CVE-2025-64516
GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...
CVE-2025-64516
GLPI before versions 10.0.21 and 11.0.3 suffers an access-control vulnerability where an unauthorized user can view documents attached to any item (tickets, assets, etc.). If the public FAQ is enabled, this can be exploited anonymously. The issue is fixed in GLPI 10.0.21 and 11.0.3. CVSS v3.1 sco...
PT-2026-3058
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.21; GLPI versions prior to 11.0.3. Description: An unauthorized user can access GLPI documents attached to any item, such as tickets or assets. If the public FAQ is enabled, this unauthorized access can be performed by...
CVE-2021-22200
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user...
GHSA-7XQ4-MWCP-Q8FX Gitea: anonymous user can visit private user's project
In Gitea before 1.21.2, an anonymous user can visit a private user's project...
CVE-2025-68945
In Gitea before 1.21.2, an anonymous user can visit a private user's project...
CVE-2025-59980 Junos OS: When a user with the name ftp or anonymous is configured unauthenticated filesystem access is allowed
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...
CVE-2025-61668
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...
EUVD-2020-27382
Malware in sbrugna...
EUVD-2020-12588
Malware in sbrugna...
EUVD-2017-16594
Malware in sbrugna...
EUVD-2017-12330
Malware in sbrugna...
EUVD-2014-3005
Malware in sbrugna...
EUVD-2021-14681
Malware in sbrugna...