6 matches found
CVE-2025-8148
CVE-2025-8148 concerns Fortra's GoAnywhere MFT; all connected sources describe an improper access control in the SFTP service for versions prior to 7.9.0. Web users who have an Authentication Alias and a valid SSH key but are restricted to password authentication can still log in using their SSH ...
CVE-2024-49765 Bypass of Discourse Connect using other login paths if enabled in Discourse
Discourse is an open source platform for community discussion. Sites that are using Discourse Connect but still have local logins enabled could allow attackers to bypass Discourse Connect to create accounts and log in. This problem is patched in the latest version of Discourse. Users unable to...
PT-2022-26693 · Unknown · Anji-Plus Aj-Report
Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report version 0.9.8.6 Description: The issue allows remote attackers to bypass login authentication by spoofing JWT Tokens. This can be exploited by attackers to gain unauthorized access to the system. Recommendations: For...
exploits
exploits Published PoCs can be found at exploitdb.comh...
DRUPAL-CONTRIB-2021-014
This module allows users to authenticate against an OAuth 2.0 / OpenID Connect identity provider to log in to your Drupal site. The module doesn't sufficiently protect against unauthorized local access, by way of using the 'password reset' facility, for users who are supposed to only be able to lo...
Cisco Ultra Services Framework Staging Server Security Bypass Vulnerability
Cisco Ultra Services Framework Staging Server is a segmentation server in an intelligent online service delivery platform from the U.S. company Cisco. A security vulnerability exists in Cisco Ultra Services Framework Staging Server. A remote attacker could exploit the vulnerability to log i...