6792 matches found
phpBB < 3.3.17 - Authentication Bypass
phpBB before 3.3.17 contains an authentication bypass vulnerability in the login-link feature. By setting the authprovider query parameter to "apache", an unauthenticated attacker can bypass password verification and log in as any user, including administrators. The Apache auth provider trusts th...
Old Age Home Management System v1.0 - SQL Injection
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. id: CVE-2023-33338 info: name: Old Age Home Management System v1.0 - SQL Injection author: Harsh severity: critical description: | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username...
PHPIPAM <v1.5.1 - Missing Authorization
In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via findfullsubnets.php endpoint. The bug lies in the fact that findfullsubnets.php does not verify if the user i...
POS Codekop v2.0 - Broken Authentication
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. id: CVE-2023-36347 info: name: POS Codekop v2.0 - Broken Authentication author: princechaddha severity: high description: | A broken authentication mechanism ...
Hospital Management System 1.0 - SQL Injection
Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...
Mura CMS <10.0.580 - Authentication Bypass
Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...
Sourcecodester Simple Client Management System 1.0 - SQL Injection
Sourcecodester Simple Client Management System 1.0 contains a SQL injection vulnerability via the username field in login.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id:...
Cyber Cafe Management System 1.0 - SQL Injection
Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of th...
Directory Management System 1.0 - SQL Injection
Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the...
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...
HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access
HPE Smart Update Manager SUM prior to version 8.5.6 could allow remote unauthorized access. id: CVE-2020-7136 info: name: HPE Smart Update Manager 8.5.6 - Remote Unauthorized Access author: gy741 severity: critical description: HPE Smart Update Manager SUM prior to version 8.5.6 could allow remot...
Pre-Auth Takeover of Build Pipelines in GoCD
GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys. id: CVE-2021-43287 info: name: Pre-Auth Takeover of Build Pipelines in GoCD author: dhiyaneshDk severity...
Redash Setup Configuration - Default Secrets Disclosure
Redash Setup Configuration is vulnerable to default secrets disclosure Insecure Default Initialization of Resource. If an admin sets up Redash versions =10.0 and prior without explicitly specifying the REDASHCOOKIESECRET or REDASHSECRETKEY environment variables, a default value is used for both...
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. id: CVE-2020-29453 info: name: Jira Server Pre-Auth - Arbitrary File...
Really Simple Security < 9.1.2 - Authentication Bypass
The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'checkloginandgetuser' function. This makes it possible...
MLflow Job API - Authentication Bypass
MLflow latest version contains an authentication bypass caused by unprotected FastAPI job endpoints under /ajax-api/3.0/jobs/ when basic-auth is enabled, letting unauthenticated network clients submit and manage jobs, exploit requires job execution enabled and allowlisted job functions. id:...
Service Finder Bookings - Authentication Bypass
Service Finder Bookings WordPress plugin = 6.0 contains a privilege escalation caused by improper validation of user cookie in servicefinderswitchback function, letting unauthenticated attackers login as any user including admins. id: CVE-2025-5947 info: name: Service Finder Bookings -...
Modular DS - Broken Access Control
Modular DS = 2.5.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions. id: CVE-2026-23550 info: name: Modular DS - Broken Access Control author: DhiyaneshDk,l46983284-cpu...
Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...
EUVD-2026-44955
Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install endpoint using hardcoded default stackid and orgid values present in the public source tree...