18 matches found
CVE-2026-1729 AdForest <= 6.0.12 - Authentication Bypass
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for...
CVE-2026-1729
CVE-2026-1729 concerns the AdForest WordPress theme. It describes an authentication bypass in the function sb_login_user_with_otp_fun, allowing unauthenticated attackers to log in as arbitrary users (including administrators) in all versions up to and including 6.0.12. The underlying cause is imp...
CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...
EUVD-2025-25512
Malicious code in bioql PyPI...
mysql: MySQL Server: Denial of Service vulnerability
A flaw was found in MySQL Server. This vulnerability allows an unauthenticated attacker to cause a hang or frequently repeatable crash via logon to the infrastructure where MySQL Server executes...
PT-2024-17348 · WordPress · Jobsearch Wp Job Board
Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress versions up to 2.6.7. Description: The issue arises from the plugin not properly verifying a user's identity when verifying an email address through the user account activation function. This allows...
PT-2024-6867 · D Link · D-Link Wireless Routers
Name of the Vulnerable Software and Affected Versions: D-Link wireless routers (affected versions not specified). Description: The issue is related to the telnet service in certain D-Link wireless routers, where user input is not properly validated, allowing unauthenticated remote attackers to use...
GHSA-V5GJ-FX3G-HCPW SQL injection in Apache Submarine
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. We have now fixed this issue, and a user must now have the correct login to access the workbench. This issue affects Apache Submarine: from 0.7.0 before...
CVE-2023-37924
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. We have now fixed this issue, and a user must now have the correct login to access the workbench. This issue affects Apache Submarine: from 0.7.0 before...
CVE-2022-22309
The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095...
CVE-2022-22309
The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095...
Design/Logic Flaw
The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095...
CVE-2022-22309
Summary: CVE-2022-22309 affects IBM POWER systems, where the firmware service processor (FSP) is vulnerable to unauthenticated logins via the physical serial port/TTY interface. Root cause/impact: Unauthenticated access could allow login through the serial interface, with CVSS v3.1/3.0 vectors in...
CVE-2022-22309
The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095...
IBM Power System Access Control Error Vulnerability
The IBM Power System is a Power processor-based server computer from IBM in the United States. A security vulnerability exists in the IBM Power System that originates from the FSP being susceptible to unauthenticated logins via the serial port/TTY interface. The following products and versions ar...
Fleet Authorization Issues Vulnerability
Fleet is a host monitoring platform. Fleet before version 3.5.1 has a security vulnerability that stems from an issue with Go's standard library XML parsing, which can be exploited by an attacker to mutate a valid SAML response to modify a trusted document. This could result in allowing...
MGASA-2014-0504 Updated sddm packages fix security vulnerabilities
Sddm may in some cases allow unauthenticated logins as the sddm user (CVE-2014-7271). Sddm is vulnerable to a race condition in XAUTHORITY file generation (CVE-2014-7272). Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality. libxcb package...
Updated sddm packages fix security vulnerabilities
Sddm may in some cases allow unauthenticated logins as the sddm user (CVE-2014-7271). Sddm is vulnerable to a race condition in XAUTHORITY file generation (CVE-2014-7272). Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality. libxcb package...