30 matches found
CVE-2026-31957
Himmelblau (interoperability suite for Microsoft Azure Entra ID and Intune) from versions 3.0.0 up to before 3.1.0 is vulnerable when deployed without a configured tenant domain in himmelblau.conf. In this state, authentication is not tenant-scoped, allowing the system to accept authentication at...
PT-2026-24804
🚨 CVE-2026-31957 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication...
Tenda AC6 V5.0 web portal authentication unencrypted transmission of credentials vulnerability
Talos Vulnerability Report TALOS-2025-2162 Tenda AC6 V5.0 web portal authentication unencrypted transmission of credentials vulnerability August 20, 2025 CVE Number CVE-2025-27564 SUMMARY An unencrypted transmission of credentials vulnerability exists in the web portal authentication functionality...
Tenda AC6 V5.0 Tenda App Router Authentication cleartext transmission vulnerability
Talos Vulnerability Report TALOS-2025-2178 Tenda AC6 V5.0 Tenda App Router Authentication cleartext transmission vulnerability August 20, 2025 CVE Number CVE-2025-31143 SUMMARY A cleartext transmission vulnerability exists in the Tenda App Router Authentication functionality of Tenda AC6 V5.0...
CVE-2023-34998
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability...
CVE-2024-22245 Arbitrary Authentication Relay Vulnerability in Deprecated EAP Browser Plugin
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...
CVE-2023-34998
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability...
Authentication flaw
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-34998
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability...
CVE-2023-31242
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2021-32459
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execut...
Hardcoded credentials
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execut...
CVE-2021-32459
Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execut...
CVE-2021-32459
CVE-2021-32459: A hard-coded credential exists in Trend Micro Home Network Security’s log collection server. Exploitation requires a specially crafted request to achieve arbitrary authentication, potentially enabling log data manipulation or exfiltration. Affected versions reported include Trend...
SAP Solution Manager Access Control Error Vulnerability
SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...
CVE-2018-13446
An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...
Cybozu Office Multiple Cross-Site Request Forgery Vulnerabilities
Cybozu Office is a web-based cross-platform office solution developed by Cybozu Japan. Multiple cross-site request forgery vulnerabilities exist in Cybozu Office versions 9.9.0 through 10.3.0 that allow remote attackers to hijack the authentication of arbitrary user identities...
PostCard 1.0 - Remote Insecure Cookie Handling Vulnerability
No description provided by source. PostCard 1.0 Insecure Cookie Handling Arbitrary Authentication...
PhShoutBox <= 1.5 (final) Insecure Cookie Handling Vulnerability
No description provided by source. PhShoutBox <= 1.5 final Insecure Cookie Handling Arbitrary Authentication...
PHP Article Publisher - Arbitrary Authentication Bypass
PHP Article Publisher - Arbitrary Authentication Bypass. PHP Article Publisher Arbitrary Auth Bypass Vulnerability. Founder: ThE g0bL!N download...