37 matches found
Astra Linux - vulnerability in sssd
A race condition flaw was identified in sssd, where the GPO policy is not consistently applied to authenticated users. This could lead to improper authorization issues, granting or denying access to resources inappropriately...
CVE-2025-24531
A flaw was found in pam_pkcs11. The pam_sm_authenticate function wrongly returns PAM_IGNORE in some communication errors with a smartcard or PKCS11 token, such as a smartcard being removed or a hardware failure. In some specific PAM configurations, this return code allows the authentication process t...
CVE-2025-40362
In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs in a multifs ceph...
EUVD-2019-15206
Malware in sbrugna...
EUVD-2021-8911
Malicious code in bioql PyPI...
EUVD-2022-41813
Malicious code in bioql PyPI...
CVE-2025-6795 Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability
Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. Th...
CVE-2025-5906 code-projects Laundry System data missing authentication
A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...
PT-2025-24599 · Unknown · Code-Projects Laundry System
Name of the Vulnerable Software and Affected Versions: code-projects Laundry System version 1.0 Description: A critical vulnerability has been found in the code-projects Laundry System. This issue affects an unknown part of the file /data/ and leads to missing authentication. The attack can be...
CVE-2024-42559
An issue in the login component processlogin.php of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password...
CVE-2021-21739
A ZTE product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and...
CVE-2007-6011
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...
Logic Flaw Vulnerability in the Integrated Management System of River Management System of Sichuang Technology Co.
Siltronic Ltd. is an information service provider for disaster reduction and profitability in China. A logic flaw vulnerability exists in the integrated river management system of Sicron Technology Limited, which can be exploited by an attacker to bypass system authentication and login...
CVE-2023-26760
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system...
CVE-2022-1731
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist...
SQL injection
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist...
CVE-2022-1731
Metasonic Doc WebClient 7.0.14.0, 7.0.12.0, and 7.0.3.0 are vulnerable to a SQL injection in the username field. Root cause: improper handling of input in the login username, enabling injection when SSO or System authentication is enabled. Impact per CVSS indicates high confidentiality/integrity/...
Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-01593)
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to an OS command injection vulnerability caused by a problem with system authentication for HTTP requests. An attacker could exploit the...