33 matches found
CVE-2026-34376 PdfDing: Password-protected share bypass via direct serve endpoint
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without...
GHSA-8VRH-3PM2-V4V6 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links
Summary When users share password-protected files, the recipient can completely bypass the password and still download the file. Details This happens because the API returns a direct download link in the details of the share, which is accessible to anyone with JUST THE SHARE LINK, even without th...
CVE-2025-15102
DVP-12SE11T - Password Protection Bypass...
CVE-2025-15102
DVP-12SE11T - Password Protection Bypass...
CVE-2025-15102
DVP-12SE11T - Password Protection Bypass...
CVE-2025-15102
CVE-2025-15102 impacts Delta Electronics DVP-12SE11T PLC. The vulnerability is a password protection bypass that can be exploited remotely without authentication, potentially allowing unauthorized access and manipulation of PLC functionality. Fixed via firmware updates in late December 2025. Conn...
EUVD-2025-34063
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...
CVE-2025-10720 WP Private Content Plus <= 3.6.2 - Password Protection Bypass
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...
CVE-2025-10720 WP Private Content Plus <= 3.6.2 - Password Protection Bypass
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...
PT-2025-41778
Name of the Vulnerable Software and Affected Versions WP Private Content Plus versions through 3.6.2 Description The software includes a content protection feature requiring a password, but the access control check relies solely on a client-side cookie. An unauthenticated attacker can bypass the...
EUVD-1999-1057
Malware in sbrugna...
EUVD-2014-8852
Malware in sbrugna...
EUVD-2004-2250
Malware in sbrugna...
EUVD-2020-3049
Malware in sbrugna...
CVE-2025-5998
The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API...
GO-2025-3790 File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser
File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser...
CVE-2024-13688
CVE-2024-13688 relates to the Admin and Site Enhancements (ASE) WordPress plugin. The issue is a hardcoded password in the Password Protection feature, enabling bypass of protection through a crafted request. Affected versions are
CVE-2024-13688 Admin and Site Enhancements (ASE) < 7.6.10 - Password Protection Bypass
The Admin and Site Enhancements ASE WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request...
Schneider Electric EcoStruxure Control Expert 安全漏洞
Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A security vulnerability exists in various Schneider Electric EcoStruxure Control Expert products that ste...
CVE-2019-19690
Trend Micro Mobile Security for Android Consumer versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature...