117 matches found
PT-2026-2920
Name of the Vulnerable Software and Affected Versions Blurams Flare Camera versions prior to 24.1114.151.929 Description An insecure authentication mechanism exists in the safe exec.sh startup script. This allows an attacker with physical access to the device to execute arbitrary commands with ro...
EUVD-2026-2445
An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...
Blurams Flare Camera 安全漏洞
Blurams Flare Camera is a webcam from Blurams USA. A security vulnerability exists in Blurams Flare Camera 24.1114.151.929 and earlier versions, which stems from an insecure authentication mechanism that could lead to the execution of arbitrary commands...
CVE-2024-41808
The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. ...
CVE-2025-1717
The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen' function. This makes it possible for unauthenticated attackers to log in an...
📄 PerfexCRM Authentication Bypass
PerfexCRM versions prior to 3.3.1 suffer from an authentication bypass vulnerability. Security Advisory — PerfexCRM Authentication Bypass CVE-2025-60375, RESERVED Advisory ID: perfexcrm-auth-bypass-2025 CVE: CVE-2025-60375 RESERVED Product: PerfexCRM Affected versions: versions prior to 3.3.1 3.3...
EUVD-2022-3276
Malicious code in bioql PyPI...
EUVD-2025-18118
Malicious code in bioql PyPI...
EUVD-2024-39197
Malicious code in bioql PyPI...
pgjdbc: pgjdbc insecure authentication in channel binding
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...
Critical Flaws in Base44 Exposed Sensitive Data and Allowed Account Takeovers
Our research uncovered multiple critical vulnerabilities in Base44, an AI-powered platform that lets you turn any idea into a fully functional custom app. These flaws ranged from an open redirect that leaked access tokens, to stored cross-site scripting XSS, insecure authentication design,...
Tenda AC6 Code Execution Vulnerability (CNVD-2025-20158)
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. A code execution vulnerability exists in the Tenda AC6. The vulnerability stems from the presence of insecur...
pgjdbc: pgjdbc insecure authentication in channel binding
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...
pgjdbc: pgjdbc insecure authentication in channel binding
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...
PT-2025-30413 · Etq · Etq Reliance
Name of the Vulnerable Software and Affected Versions: ETQ Reliance versions prior to SE.2025.1 ETQ Reliance version 2025.1.2 Description: An XML External Entity XXE injection vulnerability exists within the /resources/sessions/sso endpoint. The SAML authentication handler processes XML input...
CVE-2025-41459 Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS
Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection...
CVE-2025-41459
CVE-2025-41459 affects Two App Studio Journey 5.5.6 on iOS. The local authentication component has insufficient brute-force protection and is vulnerable to runtime manipulation, allowing local attackers to bypass biometric and PIN controls via repeated PIN attempts or dynamic code injection. CVSS...
CVE-2025-41459 Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS
Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection...
BIT-POSTGRESQL-JDBC-DRIVER-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
Impact When the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding such as password, MD5, GSS, or SSPI authentication. This cou...