6803 matches found
wp2shell-PoC
wp2shell — CVE-2026-63030 + CVE-2026-60137 WordPress Pre-Auth...
Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...
PHPIPAM <v1.5.1 - Missing Authorization
In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via findfullsubnets.php endpoint. The bug lies in the fact that findfullsubnets.php does not verify if the user i...
Old Age Home Management System v1.0 - SQL Injection
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. id: CVE-2023-33338 info: name: Old Age Home Management System v1.0 - SQL Injection author: Harsh severity: critical description: | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username...
MStore API <= 3.9.2 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...
Flowise <= 1.8.2 Authentication Bypass
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. id: CVE-2024-8181 info: name: Flowise = 1.8.2 Authentication Bypass author:...
MLflow Job API - Authentication Bypass
MLflow latest version contains an authentication bypass caused by unprotected FastAPI job endpoints under /ajax-api/3.0/jobs/ when basic-auth is enabled, letting unauthenticated network clients submit and manage jobs, exploit requires job execution enabled and allowlisted job functions. id:...
phpBB < 3.3.17 - Authentication Bypass
phpBB before 3.3.17 contains an authentication bypass vulnerability in the login-link feature. By setting the authprovider query parameter to "apache", an unauthenticated attacker can bypass password verification and log in as any user, including administrators. The Apache auth provider trusts th...
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. id: CVE-2020-29453 info: name: Jira Server Pre-Auth - Arbitrary File...
Sourcecodester Simple Client Management System 1.0 - SQL Injection
Sourcecodester Simple Client Management System 1.0 contains a SQL injection vulnerability via the username field in login.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id:...
Atlassian Jira Seraph - Authentication Bypass
Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also...
Hospital Management System 1.0 - SQL Injection
Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...
Mura CMS <10.0.580 - Authentication Bypass
Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...
Login as User or Customer < 3.3 - Privilege Escalation
The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. id: CVE-2022-4305 info: name: Login as User or Customer 3.3 - Privilege Escalation author: r3Y3r53 severity: critical...
Redash Setup Configuration - Default Secrets Disclosure
Redash Setup Configuration is vulnerable to default secrets disclosure Insecure Default Initialization of Resource. If an admin sets up Redash versions =10.0 and prior without explicitly specifying the REDASHCOOKIESECRET or REDASHSECRETKEY environment variables, a default value is used for both...
Directory Management System 1.0 - SQL Injection
Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the...
Cyber Cafe Management System 1.0 - SQL Injection
Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of th...
Service Finder Bookings - Authentication Bypass
Service Finder Bookings WordPress plugin = 6.0 contains a privilege escalation caused by improper validation of user cookie in servicefinderswitchback function, letting unauthenticated attackers login as any user including admins. id: CVE-2025-5947 info: name: Service Finder Bookings -...
CVE-2026-13410
Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSLverifymode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept the...