52 matches found
GHSA-4VXV-4XQ4-P84H CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
Summary Vulnerability: Improper Session Invalidation on Account Deletion Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...
Authentication Bypass
mantisbt/mantisbt is vulnerable to Authentication Bypass. The vulnerability is due to the use of loose comparison == instead of strict comparison === in authentication logic, which allows an attacker to exploit MD5 digests of the form 0e... that PHP interprets as numeric zero and gain unauthorized access without...
EUVD-2025-201128
Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
CVE-2025-56643
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a toke...
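The CI4MS and Wiki.js entries above describe the same failure mode: a session or signed token that verifies correctly keeps working after logout or account deletion because the server checks only the credential, not whether the subject is still allowed to hold it. The following is an added example, not code from CI4MS or Wiki.js; the HMAC token format, the in-memory user table and the `sessions_valid_from` cutoff are assumptions for illustration.

```php
<?php
// Added example (not from CI4MS or Wiki.js): a signature-only check versus one that
// also re-validates the subject on every request. The token format is a minimal
// HMAC-signed JSON payload, assumed for illustration only.

declare(strict_types=1);

const SECRET = 'constructed-demo-secret-not-for-production';

/** Constructed in-memory user table. sessions_valid_from is the per-user revocation cutoff. */
$users = [
    42 => ['name' => 'alice', 'sessions_valid_from' => 0],
];

function issueToken(int $userId): string
{
    $payload = json_encode(['sub' => $userId, 'iat' => time()]);
    $b64 = rtrim(strtr(base64_encode($payload), '+/', '-_'), '=');
    return $b64 . '.' . hash_hmac('sha256', $b64, SECRET);
}

/** Returns the decoded payload if the signature verifies, otherwise null. */
function verifySignature(string $token): ?array
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$b64, $sig] = $parts;
    if (!hash_equals(hash_hmac('sha256', $b64, SECRET), $sig)) {
        return null;
    }
    $payload = json_decode(base64_decode(strtr($b64, '-_', '+/')), true);
    return is_array($payload) ? $payload : null;
}

/** Flawed: signature only. A logged-out or deleted user keeps access until the token expires. */
function vulnerableAuth(string $token): ?int
{
    $p = verifySignature($token);
    return $p['sub'] ?? null;
}

/** Hardened: signature, then subject existence, then the per-user revocation cutoff. */
function fixedAuth(string $token, array $users): ?int
{
    $p = verifySignature($token);
    if ($p === null || !isset($users[$p['sub']])) {
        return null;                                   // unknown or deleted account
    }
    if ($p['iat'] < $users[$p['sub']]['sessions_valid_from']) {
        return null;                                   // issued before the last revocation
    }
    return $p['sub'];
}

/** Logout-everywhere / account-deletion hook: move the cutoff past every issued token. */
function revokeAllSessions(array &$users, int $userId): void
{
    if (isset($users[$userId])) {
        $users[$userId]['sessions_valid_from'] = time() + 1;
    }
}

$token = issueToken(42);

// Logout: the token is still correctly signed, only the server-side state changed.
revokeAllSessions($users, 42);
var_dump(vulnerableAuth($token));     // int(42)  -> still treated as logged in
var_dump(fixedAuth($token, $users));  // NULL     -> rejected

// Account deletion: the subject no longer exists at all.
unset($users[42]);
var_dump(vulnerableAuth($token));     // int(42)  -> deleted user keeps access
var_dump(fixedAuth($token, $users));  // NULL
```

The per-user cutoff is what makes logout and deletion effective for stateless tokens without a full token deny-list: deletion removes the row, so the existence check fails; logout advances the cutoff, so every token issued before it is refused. Both checks have to run on every request, not only at login.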
EUVD-2019-6289
Malware in sbrugna...
EUVD-2025-13570
Malicious code in bioql PyPI...
CVE-2025-48952 NetAlertX has Password Bypass Vulnerability due to Loose Comparison in PHP
NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password...
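The MantisBT and NetAlertX entries above are the same bug in two hash algorithms: a hex digest of the form "0e" followed only by decimal digits is a numeric string in PHP (float notation, value 0.0), so two such digests compare equal under `==` no matter how their remaining digits differ. This still holds on PHP 8, whose comparison changes affected only numeric-string versus non-numeric-string cases. The following is an added example, not code from either project; the inputs `240610708` and `QNKCDZO` are well-known MD5 magic inputs, and `34250003024812` is a published SHA-256 magic input that the script confirms at runtime rather than trusting.

```php
<?php
// Added example (not from MantisBT or NetAlertX): loose comparison on digest strings,
// the strict replacement, and the password_hash()/password_verify() alternative.

declare(strict_types=1);

/** True when $digest is a "magic" hex digest: "0e" followed by decimal digits only. */
function isMagicDigest(string $digest): bool
{
    return preg_match('/^0e\d+$/', $digest) === 1;
}

/** The flawed pattern from the advisories: loose comparison on digest strings. */
function vulnerableVerify(string $algo, string $storedDigest, string $candidate): bool
{
    return hash($algo, $candidate) == $storedDigest;
}

/** Hardened: constant-time, type-strict comparison, no numeric coercion. */
function fixedVerify(string $algo, string $storedDigest, string $candidate): bool
{
    return hash_equals($storedDigest, hash($algo, $candidate));
}

// Constructed scenario: the victim's real password happens to hash to a "0e" digest.
// md5('240610708') === '0e462097431906509019562988736854'.
$storedMd5 = hash('md5', '240610708');
if (!isMagicDigest($storedMd5)) {
    throw new RuntimeException('expected a 0e... MD5 digest');
}

// The attacker never learns that password; they submit a different well-known input
// whose MD5 is also "0e...": md5('QNKCDZO') === '0e830400451993494058024219903391'.
$attackerInput = 'QNKCDZO';
if (hash('md5', $attackerInput) === $storedMd5) {
    throw new RuntimeException('digests should differ as strings');
}

var_dump(vulnerableVerify('md5', $storedMd5, $attackerInput)); // bool(true)  -> bypass
var_dump(fixedVerify('md5', $storedMd5, $attackerInput));      // bool(false) -> rejected

// Same flaw with SHA-256 (the NetAlertX case). The published magic input is checked
// at runtime; the coercion is shown against "0e1", the shortest string equal to 0.0.
$sha256Input = '34250003024812';
$storedSha256 = hash('sha256', $sha256Input);
if (isMagicDigest($storedSha256)) {
    var_dump($storedSha256 == '0e1');              // bool(true)  -> both sides are 0.0
    var_dump(hash_equals($storedSha256, '0e1'));   // bool(false)
}

// Preferable to either fix: do not store bare digests at all.
$stored = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
var_dump(password_verify($attackerInput, $stored)); // bool(false)
```

Note that switching `==` to `===` closes the coercion but still leaves a timing side channel on the string comparison; `hash_equals()` handles both, and `password_verify()` additionally removes the unsalted fast hash that made the attack worth attempting.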
Huawei HarmonyOS Permission Issues Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from a privilege issue vulnerability that stems from an improper implementation of the file system module's authentication logic, which can be exploited by an attacker to steal sensitive information ...
CVE-2025-46584
Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2025-46584
CVE-2025-46584 relates to Huawei HarmonyOS and describes an improper authentication logic implementation in the file system module. The issue is locally exploitable (attack vector: LOCAL) with low authentication complexity and LOW privileges required; confidentiality is affected (CVE/metrics show...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from a privilege issue vulnerability that stems from an improper implementation of the file system module's authentication logic, which can be exploited by an attacker to steal sensitive information ...
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana
Summary Watson Machine Learning Accelerator on Cloud Pak for Data had an internal dependency on Grafana. Grafana dependency is now removed. Grafana component is no longer used or shipped with Watson Machine Learning Accelerator on Cloud Pak for Data. This bulletin identifies the steps to take to...
Authentication Bypass
github.com/navidrome/navidrome is vulnerable to Authentication Bypass. The vulnerability is due to flawed authentication logic, which allows an attacker to authenticate using any non-existent username and a salted hash of an empty password...
Withdrawn Advisory: Symfony http-security has authentication bypass
Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046. Original Description In Symfony, a security vulnerability was identified in...
CVE-2024-36611
In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...
Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module name: 'Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic'. Description: Many Hikvision IP cameras contain...
Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server
🚨Alert🚨Apache Vulnerability 🚨Alert🚨Security Advisory: CVE-2024...