Lucene search
+L

43894 matches found

Nuclei
Nuclei
added yesterday41 views

PaperCut NG - Authentication Bypass

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...

8.2CVSS8.2AI score0.77388EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday14 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS5.2AI score0.00843EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday18 views

CodeChecker <= 6.24.1 - Authentication Bypass

Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. id: CVE-2024-10081 info:...

10CVSS5.2AI score0.38961EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday19 views

OpenBullet2 <= 0.3.2 - Authentication Bypass

OpenBullet2 = 0.3.2 contains an authentication bypass caused by improper API key authentication middleware handling empty X-Api-Key header, letting unauthenticated attackers gain admin access, exploit requires sending empty X-Api-Key header. id: CVE-2026-25555 info: name: OpenBullet2 = 0.3.2 -...

9.8CVSS5.2AI score0.01509EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday17 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8CVSS5.2AI score0.02841EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday9 views

N-able N-central < 2024.2 - Authentication Bypass Detection

N-central server versions prior to 2024.2 contain an authentication bypass in the user interface, letting attackers access restricted areas without proper credentials, exploit requires no specific conditions. id: CVE-2024-28200 info: name: N-able N-central 2024.2 - Authentication Bypass Detection...

9.8CVSS5.2AI score0.01946EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday15 views

ZimaOS - Authentication Bypass

ZimaOS = 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...

9.8CVSS5.3AI score0.02169EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday6 views

phpBB < 3.3.17 - Authentication Bypass

phpBB before 3.3.17 contains an authentication bypass vulnerability in the login-link feature. By setting the authprovider query parameter to "apache", an unauthenticated attacker can bypass password verification and log in as any user, including administrators. The Apache auth provider trusts th...

9.8CVSS8.4AI score0.02865EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday20 views

Cisco Secure Firewall Management Center - Authentication Bypass

Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access, exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...

10CVSS8.9AI score0.387EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday234 views

Symfony - Authentication Bypass

Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including 1 no hash or 2 an invalid has...

4.3CVSS5.3AI score0.08269EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday38 views

WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...

9.8CVSS5.5AI score0.07959EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday7 views

LatePoint <= 5.0.12 - Authentication Bypass

LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress...

9.8CVSS5.3AI score0.03054EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday9 views

WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...

9.8CVSS9.1AI score0.14886EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday62 views

Cobbler 'XML-RPC' - Authentication Bypass

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

9.8CVSS8.2AI score0.03948EPSS
Exploits6References3
Nuclei
Nuclei
added yesterday31 views

SiYuan Note <= 3.6.5 - Authentication Bypass

SiYuan Note 3.6.5 and prior is vulnerable to authentication bypass. The CheckAuth middleware unconditionally trusted all chrome-extension:// origins, granting RoleAdministrator access without token validation to any request with a spoofed Origin header. Fixed in v3.7.0. id: CVE-2026-54069 info:...

9.2CVSS5.3AI score0.00607EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday61 views

Budibase - Authentication Bypass

Budibase = 3.31.4 contains an authentication bypass caused by unanchored regex in authorized middleware matching webhook path patterns in query strings, letting unauthenticated remote attackers access any server-side API endpoint, exploit requires crafted request with webhook pattern in URL. id:...

9.1CVSS5.3AI score0.15339EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday40 views

Etherpad Lite <1.6.4 - Admin Authentication Bypass

Etherpad Lite before 1.6.4 is exploitable for admin access. id: CVE-2018-9845 info: name: Etherpad Lite 1.6.4 - Admin Authentication Bypass author: philippedelteil severity: critical description: Etherpad Lite before 1.6.4 is exploitable for admin access. impact: | An attacker can bypass the admi...

9.8CVSS8.5AI score0.13132EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday22 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)

Before Kentico Xperience 13 Hotfix 173, this vulnerability can be exploited with any username provided. For Hotfix = 173 and = 173 and 178, this vulnerability can be exploited only if you provide a valid Staging Service username default: admin impact: | Unauthenticated attackers can bypass...

9.8CVSS5.5AI score0.58431EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday12 views

Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

9.8CVSS5.2AI score0.34734EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass

FUXA v1.2.7 contains a hardcoded credentials vulnerability caused by use of a hard-coded secret key in server/api/jwt-helper.js, letting remote attackers forge admin tokens and bypass authentication, exploit requires no special conditions. id: CVE-2025-69971 info: name: FUXA = 1.2.7 - Hardcoded J...

9.8CVSS5.3AI score0.02036EPSS
Exploits0References3
Rows per page
Query Builder