Lucene search
K

43389 matches found

CVE
CVE
added 13 hours ago5 views

CVE-2026-14262

The CVE concerns the WordPress plugin Simple JWT Login . All versions up to and including 3.6.6 are vulnerable to Authentication Bypass to Privilege Escalation via the payload parameter. The flaw arises because AuthenticateService::generatePayload() only overwrites JWT payload keys listed in the ...

8.8CVSS6.1AI score
Exploits0References6
EUVD
EUVD
added 13 hours ago4 views

EUVD-2026-43145

The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the payload parameter. The vulnerability exists because AuthenticateService::generatePayload only...

8.8CVSS6.1AI score
Exploits0References6
Nuclei
Nuclei
added 14 hours ago11 views

BMC FootPrints - Authentication Bypass

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SECTOKEN session cookie without proper...

9.1CVSS6.2AI score0.3436EPSS
Exploits4References2
Nuclei
Nuclei
added 14 hours ago60 views

Budibase - Authentication Bypass

Budibase = 3.31.4 contains an authentication bypass caused by unanchored regex in authorized middleware matching webhook path patterns in query strings, letting unauthenticated remote attackers access any server-side API endpoint, exploit requires crafted request with webhook pattern in URL. id:...

9.1CVSS6.1AI score0.15339EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago16 views

Cisco Secure Firewall Management Center - Authentication Bypass

Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access, exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...

10CVSS7.2AI score0.387EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago30 views

WP Directory Kit <= 1.4.4 - Authentication Bypass

The WP Directory Kit plugin for WordPress version 1.4.4 and below contains an authentication bypass vulnerability in its auto-login functionality. The vulnerability allows unauthenticated attackers to gain administrative access by exploiting a cryptographically weak token generation mechanism tha...

10CVSS7AI score0.0472EPSS
Exploits3References4
Nuclei
Nuclei
added 14 hours ago60 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS7.5AI score0.83337EPSS
Exploits4References5
Nuclei
Nuclei
added 14 hours ago30 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...

9.8CVSS7.1AI score0.8413EPSS
Exploits5References4
Nuclei
Nuclei
added 14 hours ago12 views

HP Switch - Authentication Bypass

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in...

9.8CVSS6.9AI score0.02641EPSS
Exploits1
Nuclei
Nuclei
added 14 hours ago18 views

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

9.1CVSS6.9AI score0.01713EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago38 views

Fortinet FortiWeb - Authentication Bypass to Admin Privilege

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...

8.1CVSS7.1AI score0.1067EPSS
Exploits4References3
Nuclei
Nuclei
added 14 hours ago11 views

Zoho ManageEngine - getUserAPIKey Authentication Bypass

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

7.5CVSS7AI score0.0793EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago47 views

QNAP Music Station < 5.4.0 - Authentication Bypass

An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later id:...

8.8CVSS6.1AI score0.01173EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago13 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS6.1AI score0.00843EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago9 views

N-able N-central < 2024.2 - Authentication Bypass Detection

N-central server versions prior to 2024.2 contain an authentication bypass in the user interface, letting attackers access restricted areas without proper credentials, exploit requires no specific conditions. id: CVE-2024-28200 info: name: N-able N-central 2024.2 - Authentication Bypass Detection...

9.8CVSS6.1AI score0.01946EPSS
Exploits0References4
Nuclei
Nuclei
added 14 hours ago25 views

Stop User Enumeration WordPress plugin - Authentication Bypass

Stop User Enumeration WordPress plugin 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions, exploit requires crafted URL encoding. id: CVE-2025-4302 info: name: Stop User Enumeration WordPre...

5.3CVSS6.1AI score0.00847EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago66 views

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...

9.8CVSS7AI score0.14462EPSS
Exploits3References2
Nuclei
Nuclei
added 14 hours ago11 views

EyesOfNetwork - Hardcoded API Key & SQL Injection

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/apifunctions.php. id: CVE-2020-8656 info: name:...

9.8CVSS7AI score0.846EPSS
Exploits8References3
Nuclei
Nuclei
added 14 hours ago18 views

Teleport - Authentication Bypass

Teleport versions prior to 17.5.2 are vulnerable to a remote authentication bypass vulnerability. This issue allows attackers to gain unauthorized access to affected systems. id: CVE-2025-49825 info: name: Teleport - Authentication Bypass author: pdteam severity: critical description: | Teleport...

9.8CVSS6.5AI score0.07754EPSS
Exploits0References1
Nuclei
Nuclei
added 14 hours ago11 views

Alumni Management System 1.0 - SQL Injection

SourceCodester Alumni Management System 1.0 contains a sqlinjection caused by unsanitized input in admin/login.php, letting attackers bypass authentication, exploit requires injection of malicious SQL payload. id: CVE-2020-29214 info: name: Alumni Management System 1.0 - SQL Injection author:...

9.8CVSS7AI score0.04499EPSS
Exploits1References2
Rows per page
Query Builder