
10 matches found

Vulnrichment
added 2026/04/07 7:3 p.m. | views: 1

CVE-2026-39322 PolarLearn: Any password authenticates banned accounts and grants API access

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...

CVSS 9.2 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 1
EUVD
added 2026/03/26 12:30 p.m. | views: 3

EUVD-2018-21663

SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...

CVSS 8.8 | AI score 6 | EPSS 0.0005
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/26 11:39 a.m. | views: 2

CVE-2018-25202

SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...

CVSS 8.8 | AI score 6 | EPSS 0.0005
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/03/26 11:39 a.m. | views: 4

CVE-2018-25202

SAT CFDI 3.3 is affected by an SQL injection in the signIn endpoint via the id parameter. The vulnerability allows attackers to manipulate queries using boolean-based blind, stacked, or time-based blind payloads to extract data or compromise the application. Public metrics indicate high severity ...

CVSS 8.8 | AI score 6 | EPSS 0.0005
Exploits: 0 | References: 3
Cvelist
added 2026/03/26 11:39 a.m. | views: 21

CVE-2018-25202 SAT CFDI 3.3 SQL Injection via signIn endpoint

SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...

CVSS 8.8 | EPSS 0.0005
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/26 12:0 a.m. | views: 2

PT-2026-28239

SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...

CVSS 8.8 | AI score 6 | EPSS 0.0005
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/02 11:1 p.m. | views: 3

CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

CVSS 6.3 | AI score 5.5 | EPSS 0.00041
Exploits: 1 | References: 2
OSV
added 2026/02/02 11:1 p.m. | views: 3

CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

CVSS 6.3 | AI score 5.5 | EPSS 0.00041
Exploits: 1 | References: 4
RedhatCVE
added 2025/05/23 3:47 a.m. | views: 7

CVE-2023-31719

FUXA = 1.1.12 is vulnerable to SQL Injection via /api/signin...

CVSS 9.8 | AI score 8 | EPSS 0.65459
Exploits: 1 | References: 1
Vulnrichment
added 2022/08/02 5:55 p.m. | views: 6

CVE-2022-35924 Verification requests (magic link) sent to unwanted emails

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

CVSS 9.1 | AI score 9.3 | EPSS 0.0042
Exploits: 0 | References: 8