CVE-2026-10167

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

CVE-2026-44847

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, , which Django REST Framework interprets as successful authentication...

CVE-2026-10288

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

CVE-2026-40964

Cloud Foundry Foundation reports an Authentication Bypass in cf-auth-proxy that permits an unauthenticated remote attacker to read all logs and metrics for all apps and platform components by minting a JWT accepted as a valid logs.admin token. Affected: log-cache_release up to v3.2.6 (inclusive);...

CVE-2018-25431

CVE-2018-25431 affects No-CMS 1.0 and describes an SQL injection in the order_by parameter of the manage_privilege export endpoint. An authenticated attacker can submit a crafted POST request to /nocms/main/manage_privilege/index/export with SQL payload in order_by[0] to manipulate database queri...

CVE-2026-10288

The vulnerability affects code-projects Hotel and Tourism Reservation System 1.0 (Admin Login component). The issue lies in the function password_verify in /admin/login.php, where manipulation of the Password argument leads to improper authentication. It is exploitable remotely, and a publicly av...

EUVD-2026-33762

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...

CVE-2026-10288 code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...

CVE-2026-10288 code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...

CVE-2026-10288

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...

CVE-2026-45690

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

CVE-2026-45283

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...

CVE-2026-45284

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

CVE-2026-10283

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

CVE-2026-10283

CVE-2026-10283 affects Bottelet DaybydayCRM up to version 2.2.1. The vulnerability is in an unknown function of the Setting Handler, where manipulation leads to missing authentication. Remote exploitation is possible. A patch is recommended to fix the issue.

CVE-2026-10283 Bottelet DaybydayCRM Setting missing authentication

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

CVE-2026-10283 Bottelet DaybydayCRM Setting missing authentication

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...