Lucene search
+L

12 matches found

Cvelist
Cvelist
added 2026/07/09 11:30 p.m.33 views

CVE-2026-12598 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email in Spotify OAuth Callback

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS0.00347EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.3 views

CVE-2018-25183 Shipping System CMS 1.0 SQL Injection via admin login

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...

8.8CVSS6AI score0.0052EPSS
Exploits1References3
CVE
CVE
added 2026/03/18 3:28 p.m.19 views

CVE-2026-2991

The CVE-2026-2991 affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin (

7.3CVSS5.9AI score0.00434EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2026/01/23 12:30 p.m.14 views

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device th...

9.8CVSS5.8AI score0.66322EPSS
Exploits1
Cvelist
Cvelist
added 2026/01/13 10:52 p.m.27 views

CVE-2023-54340 WorkOrder CMS 0.1.0 - SQL Injection

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...

8.8CVSS0.00296EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/21 12:0 a.m.6 views

Work Examiner Professional 安全漏洞

Work Examiner Professional is an employee computer monitoring software from Work Examiner USA. A security vulnerability exists in Work Examiner Professional that stems from a lack of authentication checks on the server side, which could allow an unauthenticated attacker to bypass the login prompt...

9.8CVSS9.5AI score0.00876EPSS
Exploits0References1
CVE
CVE
added 2025/09/30 4:27 a.m.29 views

CVE-2025-7038

The vulnerability CVE-2025-7038 affects LatePoint for WordPress (up to v5.1.94). The issue is an Authentication Bypass in the steps__load_step path of the latepoint_route_call AJAX endpoint, where client-supplied customer email/fields are used before login verification or nonce checks. Unauthenti...

8.2CVSS5.5AI score0.00385EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/01 12:0 a.m.7 views

Pilz IndustrialPI 代码问题漏洞

Pilz IndustrialPI is a gateway for the Industrial Internet of Things from Pilz Individual Developers in Germany. A code issue vulnerability exists in Pilz IndustrialPI that stems from an unauthenticated login bypass resulting in a setting change...

9.8CVSS7.1AI score0.00696EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.304 views

FortiMail Unauthenticated Login Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiMail Unauthenticated Login Bypass Scanner', 'Description' = %q This module attempts to detect instances of FortiMail vulnerable against an...

9.8CVSS7.1AI score0.77778EPSS
Exploits2
GithubExploit
GithubExploit
added 2024/03/13 5:58 p.m.90 views

Exploit for SQL Injection in Abocms Abo.Cms

ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227...

9.8CVSS7.6AI score0.00794EPSS
Exploits3
OSV
OSV
added 2024/02/12 4:15 p.m.4 views

CVE-2023-6036

The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site,...

9.8CVSS5.8AI score0.01773EPSS
Exploits3References1
OSV
OSV
added 2021/04/05 7:15 p.m.3 views

CVE-2021-24175

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...

9.8CVSS7.4AI score0.14462EPSS
Exploits3References3
Rows per page
Query Builder