115 matches found
CVE-2026-35090
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...
CVE-2026-35087
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...
CVE-2026-35090 Authentication Bypass in Slican telephone exchanges
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...
CVE-2019-25675
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...
CVE-2019-25675 eDirectory All Versions SQL Injection Authentication Bypass
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...
EUVD-2018-21655
Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...
PT-2026-28237
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...
CVE-2019-25494
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the...
Exploit for CVE-2026-23550
🔥 CVE-2026-23550 Modular DS Scanner Multi-threaded Python scan...
Authentication bypass vulnerability in OpenBlocks series
Overview OpenBlocks series provided by Plat'Home Co.,Ltd. contains the following vulnerability. Authentication bypass CWE-288 - CVE-2026-21411 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker could bypass...
PT-2026-1418
Name of the Vulnerable Software and Affected Versions OpenBlocks versions prior to 5.0.8 Description An authentication bypass issue exists that may allow an attacker to bypass administrator authentication and change the password. Recommendations Update to version 5.0.8 or later...
EUVD-2025-25168
Malicious code in bioql PyPI...
CVE-2025-5821 Case Theme User <= 1.0.3 - Authentication Bypass via Social Login
The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebookajaxlogincallback function. This makes it possible f...
Exploit for CVE-2025-50716
Multiple Vulnerabilities in RealEstate-PHP v1.0 Disclosure for...
CVE-2020-8547
phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters...
CVE-2023-47539
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remotewildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request...
CVE-2023-47539
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remotewildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request...
CVE-2022-24857
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...
CVE-2022-0993
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and...
PYSEC-2022-192
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...