162793 matches found
Blitz Identity Provider (Authentication server)
...
CVE-2026-13230
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...
EUVD-2026-44542
ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-62422
CVE-2026-62422 affects JetBrains YouTrack, with authentication bypass via direct database access that enables administrative access. Affects: YouTrack builds listed in the entry (before 2026.1.13757; 2025.3.148033; 2025.2.148048; 2025.1.148120; 2024.3.148430; 2024.2.148429). The entry does not pr...
CVE-2026-62422
In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...
CVE-2026-56451
A vulnerability has been identified in Opcenter X All versions V2604. Affected applications do not properly validate the algorithm specified in the JSON Web Token JWT header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersona...
CVE-2026-56451
Opcenter X (all versions
EUVD-2026-43650
A vulnerability has been identified in Opcenter X All versions V2604. Affected applications do not properly validate the algorithm specified in the JSON Web Token JWT header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersona...
EUVD-2026-43634
In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...
UserPro <= 5.1.1 - Authentication Bypass
The UserPro plugin for WordPress through 5.1.1 allows authentication bypass via the userprofbconnect AJAX action. id: CVE-2023-2437 info: name: UserPro = 5.1.1 - Authentication Bypass author: intelligent-ears severity: critical description: | The UserPro plugin for WordPress through 5.1.1 allows...
modoboa 2.0.4 - Admin TakeOver
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...
Adobe Coldfusion - Authentication Bypass
Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints...
H2O ImportFiles - Local File Inclusion
An attacker is able to read any file on the server hosting the H2O dashboard without any authentication. id: CVE-2023-6038 info: name: H2O ImportFiles - Local File Inclusion author: danmcinerney,byt3bl33d3r severity: high description: | An attacker is able to read any file on the server hosting t...
PowerJob V4.3.1 - Authentication Bypass
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. id: CVE-2023-29922 info: name: PowerJob V4.3.1 - Authentication Bypass author: Co5mos severity: medium description: | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save...
Navidrome <=0.54.5 - Authentication Bypass in Subsonic API
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
Viessmann Vitogate 300 - Remote Code Execution
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...
Easy Digital Downloads - Privilege Escalation
Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. id: CVE-2023-30869 info: name: Easy Digital Downloads - Privilege Escalation author: daffainfo severity: critical...
WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. id: CVE-2023-32243 info: name: WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset author:...
WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in...
PaperCut NG - Authentication Bypass
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...