41 matches found
EUVD-2006-4190
Malware in sbrugna...
EUVD-2021-15171
Malware in sbrugna...
EUVD-2018-9667
Malware in sbrugna...
EUVD-2023-38357
Malicious code in bioql PyPI...
EUVD-2022-2290
Malicious code in bioql PyPI...
CVE-2020-25754
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an...
CVE-2020-28073
SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system...
CVE-2020-27266
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy...
CVE-2025-1941 Lock screen setting bypass in Firefox Focus for Android
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136...
PT-2025-9666
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 136. Description: A user opt-in setting that requires authentication before use could be bypassed under certain circumstances. Recommendations: For versions prior to 136, update to version 136 or later to resolve the iss...
SUSE CVE-2025-0245
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed. This vulnerability was fixed in Firefox 134...
CVE-2024-5432 Lifeline Donation <= 1.2.6 - Authentication Bypass
The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as...
CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface
On May 21, 2024, Veeam revealed a severe flaw in its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating ...
CVE-2023-40151
When user authentication is not enabled, the shell can execute commands with the highest privileges. On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...
CVE-2023-2887 User Authentication Bypass in CBOT's Chatbot
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2022-38168
Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification...
CVE-2019-6551
The CVE-2019-6551 vulnerability affects Pangea Communications Internet FAX ATA (Version 3.1.8 and prior). A specially crafted URL can bypass user authentication to force a reboot, enabling a continued denial-of-service condition. The issue is described as an authentication bypass via an alternate...
CVE-2018-17926
Summary of CVE-2018-17926 (ABB M2M ETHERNET). Vulnerability: Improper authentication (CWE-287) in ABB M2M ETHERNET devices allows an attacker to upload a malicious language file by bypassing user authentication. Affected products/versions: M2M ETHERNET with FW 2.22 and prior and ETH-FW 1.01 and pr...
GHSA-C7C7-XM8G-XM36 Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercep...
MGASA-2018-0204 Updated python-paramiko packages fix security vulnerability
A flaw was found in the implementation of transport.py in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step (CVE-2018-7750). This flaw is a user authentication bypass in the...