18 matches found
EUVD-2026-26045
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
CVE-2026-33746 Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...
CVE-2026-1729
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sbloginuserwithotpfun' function. This makes it possible for...
CVE-2022-35947
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could...
Security Bulletin: CVE-2025-46801 - Pgpool-II Authentication Bypass
Summary: Pgpool-II contains an authentication bypass vulnerability that can be exploited under certain conditions. If an attacker exploits the vulnerability they may be able to log in to the system as an arbitrary user, which could allow them to read or tamper with data in the database, and/or...
Linux Distros Unpatched Vulnerability : CVE-2025-46801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, an...
CVE-2025-9254 Uniong|WebITR - Missing Authentication
WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality...
PT-2025-34341 · Uniong · Webitr
Name of the Vulnerable Software and Affected Versions: WebITR (affected versions not specified). Description: WebITR developed by Uniong suffers from a missing authentication issue. This allows unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specif...
DEBIAN-CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
UBUNTU-CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
CVE-2022-35947
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could...
picketbox: JBoss EAP reload to admin-only mode allows authentication bypass
A flaw was found in JBoss EAP, where the authentication configuration is set up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...
Shining Flash cms Frontend Arbitrary User Login Vulnerability
Flash Flash cms is a flash website system developed by Zibo Flash Network Technology Co. Flash cms has a front-end arbitrary user login vulnerability. The vulnerability stems from the program's failure to filter user-submitted data; an attacker can use the vulnerability to bypass authentication t...
KPPW v2.6 /api/uc.php SQL Injection and Arbitrary User Login Vulnerabilities
No description provided by source...
espcms Latest Version V6.4.15.08.25 Arbitrary User Login Vulnerability
No description provided by source...
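kppw Latest Version Arbitrary User Login
Brief description: Only a username and user ID are needed to log in as an arbitrary user. Details: The problem is in lib/inc/kekecoreclass.php, function inituser, line 981: elseif $COOKIE 'kekeautologin' $loginInfo = unserialize $COOKIE 'kekeautologin' ; $pwdInfo = explode '|', base64decode $loginInfo 2 ; $uInfo = kekezu::gettabledata '', 'witkeyspace', " username='$pwdInfo2' an...
LebiShop Mall System Latest Version Arbitrary User Login
Brief description: Arbitrary user login in the latest version of the LebiShop mall system. Details: The latest version of the LebiShop mall system, Powered by LebiShop V3.1.01, has an arbitrary user login vulnerability. Tested on the official demos: http://plus.demo.lebi.cn/ (regular users and merchant users can register) and http://demo.lebi.cn/ (regular users can register). We use http://plus.demo.lebi.cn/ for testing. First we register a regular user 222222 and log in. Note the value of user in the COOKIE here: id=37, which is the userid of user 222222...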
emc-sql.txt
adMERITia Vulnerability Report Vulnerability Information Vendor: EMC² Product: Centera Universal Access Version: CUA4.04735.p4 Vulnerability Type: Software Flaw Vulnerability: SQL Injection Impact: Attacker can bypass the authentication method and will be logged in as an arbitrary user. With...