54 matches found
CVE-2026-48064 pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with denyremote=false in pamusb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAMRHOST...
CVE-2026-8244
CVE-2026-8244 affects Industrial Application Software IAS Canias ERP 8.03, specifically the Login RMI Interface. The vulnerability arises from manipulation of the clientVersion argument, leading to improper authentication. Attacks can be initiated remotely, and exploits are publicly available. Th...
EUVD-2007-4551
Malware in sbrugna...
EUVD-2022-2418
Malicious code in bioql PyPI...
CVE-2025-34188
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 macOS/Linux client deployments contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravelsession, are...
CVE-2025-34188
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 macOS/Linux client deployments contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravelsession, are...
CVE-2025-9004
A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. T...
CVE-2023-47539
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remotewildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request...
CVE-2024-1573
Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 and prior, Mitsubishi Electri...
PT-2024-3984 · Unknown · Minmax Cms
Name of the Vulnerable Software and Affected Versions: MinMax CMS affected versions not specified Description: The issue is related to a hidden administrator account with a fixed password in MinMax CMS. This account cannot be removed or disabled from the management interface, allowing remote...
Gym Management System SQL Injection Vulnerability
Gym Management System is a gym management system. The system is developed in C and sql server and features customer and vendor management, product management, sales management, gym membership management, fitness assessment, system logging, database backup and restore. A security vulnerability...
CVE-2022-28492
TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login...
CVE-2022-42064
Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell...
VulnCheck KEV: CVE-2019-18988
TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended...
Unspecified Vulnerability in TeamViewer
TeamViewer is a suite of software for remote control, desktop sharing and file transfer from the German company TeamViewer. A security vulnerability exists in TeamViewer Desktop version 14.7.1965 and prior versions, which stems from different users using the same key during installation. An...
CVE-2019-18988
TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the...
CVE-2019-18988
TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the...
PhpTpoint Pharmacy Management System SQL Injection Vulnerability
PhpTpoint Pharmacy Management System is a pharmacy management system developed using the PHP language. A SQL injection vulnerability exists in the 'username' parameter of the index.php file in PhpTpoint Pharmacy Management System, which can be exploited by a remote attacker to bypass the login pa...
CVE-2015-7907
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors...
GE Healthcare Optima MR360 Built-in Account Vulnerability
The GE Healthcare Optima MR360 is a magnetic resonance imaging MRI system for the healthcare industry. The GE Healthcare Optima MR360 fails to properly verify login authentication, allowing remote attackers to exploit the vulnerability by submitting a special request to gain access...