26 matches found
CVE-2020-37241
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts...
CVE-2020-37241
CVE-2020-37241 affects bloofoxCMS 0.5.2.1 and describes a cross-site request forgery (CSRF) that enables an attacker to perform administrative actions by luring a logged-in admin to visit a malicious page. The attack can craft hidden requests targeting the admin user-creation endpoint to add new ...
CVE-2026-2402
CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints...
CVE-2026-29515
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally...
CVE-2026-29515
MiCode FileExplorer contains an authentication bypass vulnerability in its embedded SwiFTP FTP server. The PASS command handler unconditionally grants access, allowing network attackers to log in with any username/password and to list, read, write, and delete files exposed by the FTP server. Affe...
EUVD-2025-36445
An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and...
CVE-2025-9313 Unauthorized database access in Asseco mMedica
An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and...
PT-2025-44151
Name of the Vulnerable Software and Affected Versions: Asseco mMedica versions prior to 11.9.5. Description: An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated...
CVE-2024-46607
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file...
Jenkins plugin WSO2 Oauth security vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is application software: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
AZL-53235 CVE-2024-10524 affecting package wget for versions less than 1.21.2-4
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...
GNU Wget code issue vulnerability
GNU Wget is a set of free software from the American GNU community for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A code issue vulnerability exists in GNU Wget that stems from an application using Wget to access...
IceCMS security vulnerability
IceCMS is a content management system with a Spring Boot + Vue front-end/back-end separated architecture, developed by the individual developer NgShow. A security vulnerability exists in IceCMS 3.4.7 and earlier versions, which stems from an incorrect privilege modification that allows an attacker to...
CVE-2021-30224
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with arbitrary credentials...
picketbox: JBoss EAP reload to admin-only mode allows authentication bypass
A flaw was found in JBoss EAP where the authentication configuration is set up using a legacy SecurityRealm that delegates to a legacy PicketBox SecurityDomain, and the server is then reloaded into admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...
Logic Flaw Vulnerability in GNC Product Lifecycle Management Platform
GNC Product Full Life Cycle Management Platform is a life cycle management system developed by AVIC Shanda Co. A logic flaw exists in the GNC Product Lifecycle Management Platform, which can be exploited by an attacker to log in to the system with an arbitrary username and password...
Pivotal Cloud Foundry Credhub-release authentication bypass vulnerability
Pivotal Cloud Foundry (CF) is a suite of open source Platform-as-a-Service (PaaS) cloud computing platforms from Pivotal Software, Inc. that provides container scheduling, continuous delivery, and automated service deployment. Credhub-release is one of its centralized credential management components....