Vue Vben Admin - Default Credentials
Vue Vben Admin 2.10.1 contains a broken-authentication flaw caused by hardcoded credentials in the backend, which lets attackers log in without proper authorization; exploitation requires access to the login interface. id: CVE-2025-25570 info: name: Vue Vben Admin - Default Credentials author: 0xAkoko severit...
CVE-2026-42946
A flaw was found in the ngx_http_scgi_module and ngx_http_uwsgi_module modules of NGINX. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker able to intercept and modify network traffic via a Man-In-The-Middle (MITM) attack and control the responses from an upstream server may be able t...
External Control of File Name or Path
Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to External Control of File Name or Path through the deleteFileOrFolder and renameFile processes. An attacker can remove or rename critical application files by sending craft...
CVE-2026-22692
CVE-2026-22692 affects October CMS Twig sandbox (CMS_SAFE_MODE). Vulnerable in versions prior to 3.7.13 and 4.0.0–4.1.4; fixed in 3.7.13 and 4.1.5. Root cause: collect()->mapInto() on SafeCollection bypasses SecurityPolicy, allowing authenticated template editors to bypass sandbox. Exploitatio...
CVE-2026-0589 code-projects Online Product Reservation System Administration Backend improper authentication
A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be us...
EUVD-2024-16582
Malicious code in bioql PyPI...
The TYPO3 CMS Backend has Broken Authentication in Backend MFA
Problem: The multi-factor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful...
CVE-2024-0795
If an attacker was given access to an instance with the admin or manager role, there is no backend authentication that would prevent the attacker from creating a new user with an admin role and then using this new account to gain elevated privileges on the instance...
FunAdmin security vulnerability
FunAdmin is an open-source, lightweight backend development system based on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in the parentField parameter of the index...
PT-2024-31703 · Contao · Contao
Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.49. Description: The issue allows authenticated users in the back end to list files outside the document root in the file selector widget. There are no known workarounds for this issue. Recommendations: Update to...
CVE-2024-0795 Create user API role not enforced
If an attacker was given access to an instance with the admin or manager role, there is no backend authentication that would prevent the attacker from creating a new user with an admin role and then using this new account to gain elevated privileges on the instance...
PT-2024-15827 · Softwarex · Softwarex
The affected software is related to a specific application or system that uses admin or manager roles. If an attacker gains access to an instance with the admin or manager role, they can create a new user with an admin role without any backend authentication to prevent it, allowing them to use th...
MQTT authorization issue vulnerability
MQTT (Message Queuing Telemetry Transport) is an ISO standard (ISO/IEC PRF 20922) based on the Publish/Subscribe paradigm of messaging protocols, which works on the TCP/IP family of protocols and is designed for remote devices with low hardware performance and poor network conditions. It works on th...
PT-2022-10515 · Unknown · Veryfitpro
Name of the Vulnerable Software and Affected Versions: VeryFitPro version 3.2.8. Description: The issue allows an attacker in possession of a hashed password to take over a user's account. This is because the password is hashed locally on the device and the hash is used for authentication with the...
Song Song registration system has a universal password login vulnerability
Song Song enrollment system is enrollment system source code developed in ASP + Access. The backend administrator login entry of the Song Song enrollment system has a universal password login vulnerability; attackers can use this vulnerability to bypass the backend authentication, so as to...
MetInfo 5.1 low-value GETSHELL - a vulnerability warning - the black bar safety net
0x00: On a penetration testing project we encountered a MetInfo instance where the ciphertext could not be decrypted; in that situation this method can bypass the backend and GETSHELL. 0x01: The latest official MetInfo 5.1, downloaded yesterday. 0x02: In fact, it is the seco...
phpstcms (STCMS music system) backend authentication bypass method - vulnerability warning - the black bar safety net
Published by: the mind. Vulnerability type: backend authentication. Vulnerability analysis: a music system 0-day! Leaving it on the hard disk would only let it go mouldy, so let's look at the code in the classic way. The vulnerability exists in the "common.inc.php" file, as follows. phpstcms STCMS music system to bypass the...