7 matches found
CVE-2026-34453
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...
PT-2026-29381
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.2 Description The publish service in SiYuan allows unauthenticated visitors to access bookmarked blocks from password-protected documents. This occurs because the /api/bookmark/getBookmark endpoint, when operating ...
AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification
Summary The getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal web playback flow enforces password checks via the CustomizeUser::getModeYouTu...
CVE-2025-58060 cups has Authentication bypass with AuthType Negotiate
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...
USN-4167-1 samba vulnerabilities
Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. CVE-2019-10218 Simon...
Hikvision camera has a logic flaw vulnerability
Hikvision is a video-centric IoT solution provider, offering integrated security, smart business and big data services. A logic flaw vulnerability exists in Hikvision cameras, which can be exploited by an attacker to access the API without entering a password check...
DEBIAN-CVE-2007-1436
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring...