Lucene search
K

358 matches found

Nuclei
Nuclei
added yesterday10 views

WordPress tagDiv Composer < 3.5 - Authentication Bypass

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address id:...

9.8CVSS7AI score0.03546EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday23 views

RegistrationMagic <= 5.0.1.7 - Authentication Bypass

RegistrationMagic WordPress plugin versions = 5.0.1.7 contain an authentication bypass caused by missing identity validation in socialloginusingemail, letting unauthenticated users log in as any site user, exploit requires knowing a valid username. id: CVE-2021-4073 info: name: RegistrationMagic ...

9.8CVSS6.9AI score0.07EPSS
Exploits1References3
CVE
CVE
added 5 days ago9 views

CVE-2026-12598

CVE-2026-12598 affects the LoginPress Pro WordPress plugin (≤ 6.2.3) via the Spotify Social Login addon. The vulnerability arises because loginpress_on_spotify_login() trusts the unverified email from Spotify’s /v1/me endpoint and uses that email with get_user_by('email') to identify/login an exi...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-12598 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email in Spotify OAuth Callback

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-12597 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via GitHub OAuth Callback

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...

8.1CVSS0.00422EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 7:9 a.m.21 views

CVE-2026-14807

The CVE-2026-14807 entry concerns PROG MIS’s ERP App with a Use of Hard-coded Credentials vulnerability. The connected documentation confirms unauthenticated remote access that could log in and reveal application code, enabling retrieval of the database account and password. Reported CVSS metrics...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:56 p.m.7 views

CVE-2026-58466

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser in the database user module when the users table is empt...

9.8CVSS5.8AI score0.00505EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.383 views

Wing FTP Server <= 7.4.3 - Remote Code Execution

Wing FTP Server versions prior to 7.4.4 are vulnerable to an unauthenticated remote code execution RCE flaw CVE-2025-47812. The vulnerability arises from improper NULL byte handling in the 'username' parameter during login, which allows Lua code injection into session files. These injected sessio...

10CVSS7.7AI score0.95343EPSS
Exploits23References2
GithubExploit
GithubExploit
added 2026/06/11 7:6 a.m.72 views

Exploit for CVE-2026-23550

🧨 CVE-2026-23550 – Modular Connector Admin Bypass Unauthentic...

9.8CVSS6AI score0.20631EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.14 views

CVE-2026-3461

The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the expresspayproductpagepayfororder function logging users in based solely on a user-supplied billing email address during guest checkout for...

9.8CVSS5.4AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.10 views

CVE-2026-8994

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:49 p.m.10 views

CVE-2025-71317

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...

9.8CVSS5.4AI score0.00432EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 5:19 p.m.11 views

EUVD-2026-34305

OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a val...

9.8CVSS5.9AI score0.00436EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:45 p.m.10 views

CVE-2026-44649

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/27 7:16 a.m.16 views

CVE-2026-8994

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS0.0039EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.35 views

CVE-2026-8994 Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS0.0039EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.8 views

CVE-2026-8994 Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS5.8AI score0.0039EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 5:31 a.m.43 views

CVE-2026-8994

The Login with NEAR plugin for WordPress up to version 0.3.3 is vulnerable to authentication bypass. The ajaxLoginWithNear() function, exposed as wp_ajax_nopriv, accepts an attacker-controlled account POST parameter and authenticates a user based solely on a substring check for .near, with no non...

8.1CVSS5.8AI score0.0039EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43538

Name of the Vulnerable Software and Affected Versions Login with NEAR plugin for WordPress versions prior to 0.3.4 Description The plugin contains an authentication bypass flaw within the ajaxLoginWithNear function. This function is registered as a wp ajax nopriv action, making it accessible to...

8.1CVSS5.8AI score0.0039EPSS
Exploits0References9
NVD
NVD
added 2026/05/14 10:16 p.m.31 views

CVE-2026-44671

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

7.5CVSS0.00479EPSS
Exploits0References3
Rows per page
Query Builder