51 matches found
CVE-2026-44058 Authentication bypass via admin auth user
An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism...
Astra Linux - vulnerability in pgpool2
The Pgpool-II provided by PgPool Global Development Group contains an authentication bypass vulnerability as a primary weakness. If this vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/...
CVE-2026-29515 MiCode FileExplorer SwiFTP Server Authentication Bypass
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally...
Security Bulletin: CVE-2025-46801 - Pgpool-II Authentication Bypass
Summary Pgpool-II contains an authentication bypass vulnerability that can be exploited under certain conditions. If an attacker exploits the vulnerability they may be able to log in to the system as an arbitrary user, which could allow them to read or tamper with data in the database, and/or...
OpenID Connect Authorization Issue Vulnerability
OpenID Connect OIDC is a library open-sourced by XWiki Contrib. It makes XWiki a reusable identity provider for any application. An authorization issue vulnerability exists in OpenID Connect OIDC version 2.17.1 through versions prior to 2.18.2, which stems from a user with view privileges being able...
WordPress WebinarIgnition Authentication Bypass Vulnerability
WordPress WebinarIgnition is an open source plugin for WordPress that focuses on creating real-time interactive webinars. WordPress WebinarIgnition suffers from an authentication bypass vulnerability that stems from a lack of capability checking, which can be exploited by an attacker to generate...
Pgpool-II Security Vulnerability
Pgpool-II is an open source cluster management tool from PgPool Global Development Group. A security vulnerability exists in Pgpool-II that stems from a major weakness that results in an authentication bypass that could allow an attacker to log in to the system as an arbitrary user...
Pgpool-II vulnerable to authentication bypass by primary weakness
Overview Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 - CVE-2025-46801 PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
Quarkus Security Vulnerability
Quarkus is an open source, cloud-native, Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from a default REST endpoint in the quarkus-security-webauthn module that is not disabled, which could lead to arbitrary user login...
SUSE CVE-2024-45409
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
UBUNTU-CVE-2024-45409
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
Ruby SAML Data Forgery Vulnerability
Ruby SAML is an open source implementation of a SAML authorization client from SAML-Toolkits. A data forgery vulnerability exists in Ruby SAML that stems from Ruby-SAML's inability to properly verify the signature of a SAML response, allowing an attacker to log in to a vulnerable system as an...
Exploit for Improper Authentication in Genetechsolutions Pie_Register
CVE-2021-24647 CVE-2021-24647 Pie Register 3.7.1.6 - Unau...
UBUNTU-CVE-2022-35947
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could...
GLPI SQL Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
CVE-2021-24647 Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing an unauthenticated attacker to log in as any user on the site by only knowing their user ID or userna...
Qizhi Bastion Host Arbitrary User Login Vulnerability
...
Front-end Arbitrary User Fake Login Vulnerability in Tongda OA
Tongda OA (Office Anywhere Network Intelligent Office System) is collaborative office automation software developed by Beijing Tongda Science and Technology Co. Ltd. Tongda OA front-end arbitrary user forgery login...
Arbitrary User Login Vulnerability in Tongda OA Frontend
Tongda OA Office Anywhere Network Intelligent Office System is a collaborative office automation software independently developed by Beijing Tongda Science and Technology Co., Ltd. and China's enterprise management practices combined with the formation of a comprehensive management office platfor...