Lucene search
K

43282 matches found

IBM Security Bulletins
IBM Security Bulletins
added 1 hour ago10 views

Security Bulletin: Security vulnerability in IBM Storage Protect Backup Archive client leads to unauthroised access to IBM Storage Protect Snapshot for Windows Standalone Configuration

Summary Security vulnerability in IBM Storage Protect Backup Archive client leads to unauthroised access to IBM Storage Protect Snapshot for Windows Standalone Configuration Vulnerability Details CVEID:CVE-2026-12628 DESCRIPTION: IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage...

9.1CVSS5.9AI score0.00357EPSS
Exploits0Affected Software1
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-42551

Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.5CVSS5.9AI score
Exploits0References1
CVE
CVE
added 3 hours ago3 views

CVE-2026-1365

Summary: CVE-2026-1365 describes an information-disclosure vulnerability in Sayax Energy Technologies Inc. OSOS that permits insertion of sensitive information into data sent by the system and enables an authentication bypass. The issue affects OSOS up to version 09072026. CVSS 3.1 metrics indica...

6.5CVSS5.9AI score
Exploits0References1
CVE
CVE
added 4 hours ago7 views

CVE-2026-14245

The CVE-2026-14245 entry concerns the miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress (versions up to and including 5.5.1). The root cause is that um_reset_password_process_hook() performs no server-side verification of OTP completion and relies on a public form_nonc...

9.8CVSS6AI score
Exploits0References10
Nuclei
Nuclei
added 9 hours ago13 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS5.9AI score0.00843EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago35 views

MStore API <= 3.9.1 - Authentication Bypass

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...

9.8CVSS7.2AI score0.03805EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago45 views

Easy Digital Downloads - Privilege Escalation

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. id: CVE-2023-30869 info: name: Easy Digital Downloads - Privilege Escalation author: daffainfo severity: critical...

9.8CVSS7.2AI score0.031EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago25 views

Stop User Enumeration WordPress plugin - Authentication Bypass

Stop User Enumeration WordPress plugin 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions, exploit requires crafted URL encoding. id: CVE-2025-4302 info: name: Stop User Enumeration WordPre...

5.3CVSS5.9AI score0.00847EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago31 views

Arcserve Unified Data Protection - Authentication Bypass

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...

9.8CVSS7.4AI score0.04342EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago37 views

Fortinet FortiWeb - Authentication Bypass to Admin Privilege

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...

8.1CVSS7.4AI score0.1067EPSS
Exploits4References3
Nuclei
Nuclei
added 9 hours ago22 views

RegistrationMagic <= 5.0.1.7 - Authentication Bypass

RegistrationMagic WordPress plugin versions = 5.0.1.7 contain an authentication bypass caused by missing identity validation in socialloginusingemail, letting unauthenticated users log in as any site user, exploit requires knowing a valid username. id: CVE-2021-4073 info: name: RegistrationMagic ...

9.8CVSS7AI score0.07EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago18 views

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

9.1CVSS7AI score0.01713EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago12 views

HP Switch - Authentication Bypass

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in...

9.8CVSS7AI score0.02641EPSS
Exploits1
Nuclei
Nuclei
added 9 hours ago9 views

N-able N-central < 2024.2 - Authentication Bypass Detection

N-central server versions prior to 2024.2 contain an authentication bypass in the user interface, letting attackers access restricted areas without proper credentials, exploit requires no specific conditions. id: CVE-2024-28200 info: name: N-able N-central 2024.2 - Authentication Bypass Detection...

9.8CVSS5.9AI score0.01946EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago11 views

Zoho ManageEngine - getUserAPIKey Authentication Bypass

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

7.5CVSS7.1AI score0.0793EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago31 views

RestroPress 3.0.0-3.2.1 - Authentication Bypass

RestroPress Online Food Ordering System WordPress plugin 3.0.0 to 3.1.9.2 contains an authentication bypass caused by exposure of user private tokens and API data via /wp-json/wp/v2/users endpoint, letting unauthenticated attackers forge JWT tokens and authenticate as other users including...

9.8CVSS7.2AI score0.02196EPSS
Exploits6References2
Nuclei
Nuclei
added 9 hours ago14 views

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS6.5AI score0.03559EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago7 views

LatePoint <= 5.0.12 - Authentication Bypass

LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress...

9.8CVSS5.9AI score0.02994EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago22 views

Four-Faith F3x36 - Authentication Bypass

Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused by hard-coded credentials in the administrative web server, letting attackers with knowledge of credentials gain administrative access via crafted HTTP requests. id: CVE-2024-9643 info: name: Four-Faith F3x36 -...

9.8CVSS7.2AI score0.0293EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago13 views

ZimaOS - Authentication Bypass

ZimaOS = 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...

9.8CVSS6AI score0.02169EPSS
Exploits1References2
Rows per page
Query Builder