Lucene search
K

66 matches found

Positive Technologies
Positive Technologies
added 6 days ago14 views

PT-2026-56988

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.307 Description An authentication bypass exists that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints. This is achieved by supplying a spoofed...

9.3CVSS6.2AI score0.00293EPSS
Exploits0References8
NVD
NVD
added 2026/07/04 8:16 p.m.9 views

CVE-2026-14648

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function testinput of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to...

7.5CVSS0.00347EPSS
Exploits0References6
CVE
CVE
added 2026/07/04 7:15 p.m.21 views

CVE-2026-14648

The CVE details a SQL injection in code-projects Online Voting System (versions up to 0.x/1.0) via the Login component, affecting the function test_input in /authentication.php. By manipulating adminUserName/adminPassword arguments, an attacker can exploit the vulnerability remotely. The exploit ...

7.5CVSS6.8AI score0.00347EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40863

An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to execute arbitrary code via the register function in inc/auth.php...

9.8CVSS6.2AI score0.0051EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 12:0 a.m.26 views

CVE-2026-37106

CVE-2026-37106 affects DokuWiki (version 2025-05-14b “Librarian” 56.2) where the register function in inc/auth.php can be abused by a remote attacker to create new user accounts. Some sources additionally indicate potential arbitrary code execution via this path; the vendor notes this may reflect...

9.8CVSS6.1AI score0.0051EPSS
Exploits0References3
OSV
OSV
added 2026/05/31 8:45 a.m.3 views

CVE-2026-10175 Aider-AI Aider Architect Mode auth.py editor_coder.run code injection

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

5.3CVSS6.2AI score0.00242EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Memcached

A buffer overflow vulnerability in the authfile.c memcached 1.6.9 allows attackers to cause a denial of service through a crafted authentication file...

5.5CVSS6.2AI score0.0036EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/16 3:28 p.m.12 views

EUVD-2021-34838

Home Assistant Community Store HACS 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, th...

8.7CVSS5.8AI score0.00498EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.3 views

CVE-2026-4045

A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...

6.3CVSS5.2AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 11:16 p.m.17 views

CVE-2026-2635

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basicauth.ini file. The fi...

9.8CVSS0.00968EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/20 10:25 p.m.4 views

CVE-2026-2635 MLflow Use of Default Password Authentication Bypass Vulnerability

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basicauth.ini file. The fi...

9.8CVSS6.1AI score0.00968EPSS
Exploits0References2
CVE
CVE
added 2026/02/20 10:25 p.m.46 views

CVE-2026-2635

MLflow before version 3.8.0 is affected by an authentication bypass (CVE-2026-2635) due to default credentials in basic_auth.ini, allowing remote, unauthenticated attackers to bypass authentication and execute arbitrary code with administrator privileges. Root cause: hard-coded default credential...

9.8CVSS9.1AI score0.00968EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.8 views

CVE-2026-20142

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

6.8CVSS5.5AI score0.0031EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/19 12:0 a.m.6 views

MLflow Use of Default Password Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basicauth.ini file. The file contains hard-coded default credentials. An attacker can leverage...

9.8CVSS6.3AI score0.00968EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/18 4:45 p.m.5 views

CVE-2026-20142

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

6.8CVSS5.5AI score0.0031EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/19 8:45 p.m.5 views

CVE-2025-24531

A flaw was found in pampkcs11. The pamsmauthenticate function wrongly returns PAMIGNORE in some communication errors with a smartcard or PKCS11 token, such as a smartcard being removed or a hardware failure. In some specific PAM configurations, this return code allows the authentication process t...

6.7CVSS5.5AI score0.00235EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/24 7:28 p.m.26 views

CVE-2019-25258 LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...

7.5CVSS0.00984EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2025/12/15 12:30 a.m.11 views

Mayan EDMS is vulnerable to XSS through the /authentication/ file

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is...

6.1CVSS5.6AI score0.00399EPSS
Exploits1References12Affected Software1
OSV
OSV
added 2025/12/15 12:30 a.m.4 views

GHSA-X37W-7P52-8F49 Mayan EDMS has an Open Redirect through the /authentication/ file

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...

5.3CVSS4.8AI score0.00408EPSS
Exploits1References12
OSV
OSV
added 2025/12/15 12:30 a.m.11 views

GHSA-774Q-R975-VQWP Mayan EDMS is vulnerable to XSS through the /authentication/ file

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is...

5.3CVSS3.9AI score0.00399EPSS
Exploits1References12
Rows per page
Query Builder