CVE-2026-5175

Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...

CVE-2022-27487

A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS...

1Panel – CAPTCHA Bypass via Client-Controlled Flag

A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed, enabling...

CVE-2025-62712 JumpServer Connection Token Leak Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint...

EUVD-2013-0952

Malware in sbrugna...

EUVD-2023-25662

Malicious code in bioql PyPI...

EUVD-2021-27509

Malicious code in bioql PyPI...

CVE-2025-6168

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...

CVE-2024-21495

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

CVE-2023-28342

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API...

CVE-2023-21494

Potential buffer overflow vulnerability in auth api in mmAuthentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access...

CVE-2013-0941

EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the no...

tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API

A flaw was found in Apache Tomcat when configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component. This vulnerability allows authentication bypass via improperly handled exceptions during the authentication process...

CVE-2025-26485

The CVE-2025-26485 entry describes a vulnerability in Beta80 Life 1st (affected version: 1.5.2.14234) where authentication error handling reveals differing messages for wrong passwords versus non-existent users. This enables potential user enumeration and information disclosure about registered i...

CVE-2024-56799

Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7...

MGASA-2024-0379 Updated tomcat packages fix security vulnerabilities

Authentication bypass when using Jakarta Authentication API. CVE-2024-52316 Incorrect JSP tag recycling leads to XSS. CVE-2024-52318...

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2024-52316: Fixed an authentication bypass when using Jakarta Authentication API bsc1233434. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

CVE-2024-52316 Apache Tomcat: Authentication bypass when using Jakarta Authentication API

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...

iperf3: vulnerable to marvin attack if the authentication option is used

A timing-based side-channel flaw was found in iperf3. If the iperf3 server is running with the --rsa-private-key-path option, the user authentication API can be attacked...

URL Redirection to Untrusted Site in OAuth2/OpenID in directus

Summary The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL https://docs.directus.io/reference/authentication.htmllogin-using-sso-providers /auth/login/google?redirect for example. Details There's a...