
115 matches found

RedhatCVE
added 2026/06/05 7:10 p.m. | 10 views

CVE-2026-35090

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

CVSS 9.3 | AI score 5.6 | EPSS 0.00625
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:10 p.m. | 11 views

CVE-2026-35087

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

CVSS 9.3 | AI score 5.5 | EPSS 0.00662
Exploits: 0 | References: 1
Cvelist
added 2026/05/27 12:42 p.m. | 40 views

CVE-2026-35090 Authentication Bypass in Slican telephone exchanges

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

CVSS 9.3 | EPSS 0.00625
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/05 8:58 p.m. | 2 views

CVE-2019-25675

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

CVSS 8.8 | AI score 6 | EPSS 0.00529
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/04/05 8:58 p.m. | 19 views

CVE-2019-25675 eDirectory All Versions SQL Injection Authentication Bypass

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

CVSS 8.8 | EPSS 0.00529
Exploits: 1 | References: 3
EUVD
added 2026/03/26 12:30 p.m. | 5 views

EUVD-2018-21655

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...

CVSS 8.8 | AI score 6 | EPSS 0.0052
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/26 12:0 a.m. | 5 views

PT-2026-28237

Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...

CVSS 9.8 | AI score 6 | EPSS 0.0052
Exploits: 1 | References: 4
ATTACKERKB
added 2026/02/27 5:23 p.m. | 4 views

CVE-2019-25494

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the...

CVSS 8.8 | AI score 6 | EPSS 0.00408
Exploits: 1 | References: 3 | Affected Software: 1
GithubExploit
added 2026/02/07 5:16 p.m. | 175 views

Exploit for CVE-2026-23550

🔥 CVE-2026-23550 Modular DS Scanner Multi-threaded Python scan...

CVSS 10 | AI score 5.4 | EPSS 0.20631
Exploits: 7
Japan Vulnerability Notes
added 2026/01/07 1:46 a.m. | 5 views

Authentication bypass vulnerability in OpenBlocks series

Overview: OpenBlocks series provided by Plat'Home Co.,Ltd. contains the following vulnerability. Authentication bypass (CWE-288) - CVE-2026-21411. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact: An attacker could bypass...

CVSS 8.8 | AI score 8.8 | EPSS 0.00279
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/06 12:0 a.m. | 8 views

PT-2026-1418

Name of the Vulnerable Software and Affected Versions: OpenBlocks versions prior to 5.0.8. Description: An authentication bypass issue exists that may allow an attacker to bypass administrator authentication and change the password. Recommendations: Update to version 5.0.8 or later...

CVSS 8.8 | AI score 6.9 | EPSS 0.00279
Exploits: 0 | References: 9
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-25168

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00475
Exploits: 0 | References: 3
Cvelist
added 2025/08/23 6:43 a.m. | 11 views

CVE-2025-5821 Case Theme User <= 1.0.3 - Authentication Bypass via Social Login

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebookajaxlogincallback function. This makes it possible f...

CVSS 9.8 | EPSS 0.00714
Exploits: 0 | References: 2
GithubExploit
added 2025/07/17 5:17 a.m. | 93 views

Exploit for CVE-2025-50716

Multiple Vulnerabilities in RealEstate-PHP v1.0 Disclosure for...

AI score 9.1
Exploits: 1
RedhatCVE
added 2025/05/22 4:51 p.m. | 6 views

CVE-2020-8547

phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters...

CVSS 9.8 | AI score 7.1 | EPSS 0.05861
Exploits: 3 | References: 1
ATTACKERKB
added 2025/03/18 2:15 p.m. | 3 views

CVE-2023-47539

An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remotewildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request...

CVSS 9.8 | AI score 5.8 | EPSS 0.01074
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/03/18 1:56 p.m. | 6 views

CVE-2023-47539

An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remotewildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request...

CVSS 9.8 | AI score 7.5 | EPSS 0.01074
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 9:34 p.m. | 10 views

CVE-2022-24857

django-mfa3 is a library that implements multi-factor authentication for the Django web framework. It achieves this by modifying the regular login view. Django, however, has a second login view for its admin area. This second login view was not modified, so the multi-factor authentication can be...

CVSS 8.8 | AI score 6.8 | EPSS 0.011
Exploits: 0 | References: 1
OSV
added 2022/04/19 9:15 p.m. | 4 views

CVE-2022-0993

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and...

CVSS 9.8 | AI score 7.3 | EPSS 0.07467
Exploits: 2 | References: 3
PyPA
added 2022/04/15 7:15 p.m. | 9 views

PYSEC-2022-192

django-mfa3 is a library that implements multi-factor authentication for the Django web framework. It achieves this by modifying the regular login view. Django, however, has a second login view for its admin area. This second login view was not modified, so the multi-factor authentication can be...

CVSS 8.8 | AI score 7.1 | EPSS 0.011
Exploits: 0 | References: 3 | Affected Software: 1