Shopware < 5.5.8 - Cross-Site Scripting

Shopware before 5.5.8 contains a reflected cross-site scripting XSS caused by unsanitized query string parameters in the backend/Login or backend/Login/load/ URI, letting attackers execute arbitrary scripts in the context of the victim's browser, exploit requires sending crafted URL to the victim...

CVE-2026-0616

TheLibrarians webfetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions...

CVE-2026-0616 CVE-2026-0616

TheLibrarians webfetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions...

CVE-2023-43134

There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management...

CVE-2025-65212

An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the...

CVE-2025-65212

An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the...

EUVD-2024-48773

Malicious code in bioql PyPI...

EUVD-2022-3219

Malicious code in bioql PyPI...

SUSE CVE-2025-53534

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed b...

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via r.URL.Path function in the middleware process. An attacker can execute arbitrary system commands or gain control over managed hosts by accessing the backend login path without authentication...

GHSA-FM3M-JRGM-5PPG RatPanel can perform remote command execution without authorization

Summary When an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution RCE vulnerability...

RatPanel can perform remote command execution without authorization

Summary When an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution RCE vulnerability...

CVE-2025-47941

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication MFA dialog presented during backend login can be bypassed due to insufficient enforcement of access...

GHSA-744G-7QM9-HJH9 The TYPO3 CMS Backend has Broken Authentication in Backend MFA

Problem The multifactor authentication MFA dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful...

CVE-2025-47941

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication MFA dialog presented during backend login can be bypassed due to insufficient enforcement of access...

CVE-2025-47941 TYPO3 Has Broken Authentication in Backend MFA

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication MFA dialog presented during backend login can be bypassed due to insufficient enforcement of access...

CVE-2025-47941 TYPO3 Has Broken Authentication in Backend MFA

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication MFA dialog presented during backend login can be bypassed due to insufficient enforcement of access...

CVE-2025-47941

The TYPO3 CVE-2025-47941 vulnerability affects TYPO3 CMS where the MFA dialog during backend login can be bypassed due to insufficient enforcement of access restrictions on backend routes. Exploitation requires valid backend credentials and MFA can be bypassed after authentication. Affected versi...

CVE-2025-47941 TYPO3 Has Broken Authentication in Backend MFA

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication MFA dialog presented during backend login can be bypassed due to insufficient enforcement of access...

PT-2025-22143 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 12.x prior to 12.4.31 LTS TYPO3 versions 13.x prior to 13.4.2 LTS Description: The issue concerns the multifactor authentication MFA dialog presented during backend login, which can be bypassed due to insufficient enforcement o...