13 matches found
CVE-2026-33152
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...
CVE-2024-50618
CVE-2024-50618 affects CIPPlanner CIPAce prior to version 9.17. The authentication component relies on single-factor authentication, and when internal accounts login is enabled, an attacker could bypass protection and potentially obtain full authentication if the secret of the single-factor schem...
PT-2026-7655
Name of the Vulnerable Software and Affected Versions CIPPlanner CIPAce versions prior to 9.17 Description A weakness exists in the Authentication component of CIPPlanner CIPAce that allows attackers to bypass a security measure. Specifically, the system’s reliance on single-factor authentication...
CVE-2026-2171
A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit...
CVE-2026-2171
A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit...
CVE-2026-2171
A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit...
CVE-2026-2171 code-projects Online Student Management System Login accounts.php sql injection
A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit...
CVE-2026-2171
CVE-2026-2171 affects code-projects Online Student Management System 1.0. The vulnerability is an SQL injection in the Login component (accounts.php) triggered by manipulating the username/password arguments. It can be exploited remotely and exploits have been made public. Remediation details are...
Linux Distros Unpatched Vulnerability : CVE-2019-9812
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that...
CVE-2023-28874
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites...
CVE-2023-28874
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites...
ManageEngine ADSelfService Plus 6.1 - User Enumeration
Exploit Title: ManageEngine ADSelfService Plus 6.1 - User Enumeration Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: ADSelfService 6.1 Build 6121 Tested Against:...
CVE-2020-1778
When OTRS uses multiple backends for user authentication with LDAP, agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions...