59 matches found

EUVD
added 2026/05/16 3:28 p.m., 3 views

EUVD-2021-34838

Home Assistant Community Store HACS 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, th...

8.7 CVSS, 5.8 AI score, 0.00113 EPSS
Exploits 1, References 4

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux - vulnerability in memcached

A buffer overflow vulnerability in the authfile.c memcached 1.6.9 allows attackers to cause a denial of service through a crafted authentication file...

5.5 CVSS, 6.6 AI score, 0.00091 EPSS
Exploits 1, References 2

RedhatCVE
added 2026/03/26 3:15 p.m., 1 views

CVE-2026-4045

A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...

6.3 CVSS, 5.2 AI score, 0.00043 EPSS
Exploits 0, References 1

NVD
added 2026/02/20 11:16 p.m., 6 views

CVE-2026-2635

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic_auth.ini file. The fi...

9.8 CVSS, 0.01519 EPSS
Exploits 0, References 2

Vulnrichment
added 2026/02/20 10:25 p.m., 3 views

CVE-2026-2635 MLflow Use of Default Password Authentication Bypass Vulnerability

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic_auth.ini file. The fi...

9.8 CVSS, 6.1 AI score, 0.01519 EPSS
Exploits 0, References 2

CVE
added 2026/02/20 10:25 p.m., 13 views

CVE-2026-2635

MLflow before version 3.8.0 is affected by an authentication bypass (CVE-2026-2635) due to default credentials in basic_auth.ini, allowing remote, unauthenticated attackers to bypass authentication and execute arbitrary code with administrator privileges. Root cause: hard-coded default credential...

9.8 CVSS, 9.1 AI score, 0.01519 EPSS
Exploits 0, References 2

RedhatCVE
added 2026/02/19 7:21 p.m., 2 views

CVE-2026-20142

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

6.8 CVSS, 5.5 AI score, 0.00081 EPSS
Exploits 0, References 1

Zero Day Initiative
added 2026/02/19 12:0 a.m., 2 views

MLflow Use of Default Password Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage...

9.8 CVSS, 6.3 AI score, 0.01519 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/02/18 4:45 p.m., 2 views

CVE-2026-20142

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

6.8 CVSS, 5.5 AI score, 0.00081 EPSS
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2026/01/19 8:45 p.m., 2 views

CVE-2025-24531

A flaw was found in pam_pkcs11. The pam_sm_authenticate function wrongly returns PAM_IGNORE in some communication errors with a smartcard or PKCS11 token, such as a smartcard being removed or a hardware failure. In some specific PAM configurations, this return code allows the authentication process t...

6.7 CVSS, 5.5 AI score, 0.00006 EPSS
Exploits 0, References 6

Cvelist
added 2025/12/24 7:28 p.m., 22 views

CVE-2019-25258 LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...

7.5 CVSS, 0.01503 EPSS
Exploits 2, References 3

OSV
added 2025/12/15 12:30 a.m., 1 views

GHSA-X37W-7P52-8F49 Mayan EDMS has an Open Redirect through the /authentication/ file

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...

5.3 CVSS, 4.8 AI score, 0.00085 EPSS
Exploits 1, References 10

OSV
added 2025/12/15 12:30 a.m., 4 views

GHSA-774Q-R975-VQWP Mayan EDMS is vulnerable to XSS through the /authentication/ file

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is...

5.3 CVSS, 3.9 AI score, 0.0006 EPSS
Exploits 1, References 10

Github Security Blog
added 2025/12/15 12:30 a.m., 5 views

Mayan EDMS is vulnerable to XSS through the /authentication/ file

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is...

6.1 CVSS, 5.6 AI score, 0.0006 EPSS
Exploits 1, References 10, Affected Software 1

RedhatCVE
added 2025/12/11 7:1 p.m., 4 views

CVE-2025-34427

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local...

8.4 CVSS, 6.2 AI score, 0.00003 EPSS
Exploits 0, References 1

CVE
added 2025/11/14 10:32 p.m., 11 views

CVE-2025-13188

CVE-2025-13188 affects D-Link DIR-816L (firmware 2_06_b09_beta). The flaw is in the authenticationcgi_main function of /authentication.cgi; manipulating the Password argument triggers a stack-based buffer overflow, enabling remote code execution. Public exploit exists; impact is high (remote, no ...

10 CVSS, 9.3 AI score, 0.0035 EPSS
Exploits 1, References 5, Affected Software 1

CNNVD
added 2025/11/14 12:0 a.m., 2 views

D-Link DIR-816L security vulnerability

The D-Link DIR-816L is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816L version 206b09beta, which originates from a misbehavior of the parameter Password in the file /authentication.cgi, which could lead to a stack-based buffer overflow...

10 CVSS, 9.6 AI score, 0.0035 EPSS
Exploits 1, References 6

Positive Technologies
added 2025/10/28 12:0 a.m., 2 views

PT-2025-44077

Name of the Vulnerable Software and Affected Versions: Serdar Bayram Ghost Hot Spot versions prior to 20251015. Description: A flaw exists in the Login component of Serdar Bayram Ghost Hot Spot. This issue is due to a SQL injection vulnerability within an unknown function of the /Auth.php file. The...

7.5 CVSS, 7.3 AI score, 0.00029 EPSS
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-3854

Malware in sbrugna...

7.5 CVSS, 7.7 AI score, 0.00593 EPSS
Exploits 1, References 10

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2002-0543

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.00608 EPSS
Exploits 0, References 4