51 matches found
CVE-2026-46391
CVE-2026-46391 concerns HAX CMS/Open-apis where, from versions before 26.0.0, multiple functions perform substring-only hostname validation for basic auth destinations. The underlying issue is substring matching that can be manipulated by an attacker to exfiltrate credentials by directing request...
CVE-2025-62312
HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices...
CVE-2025-62312
Technical details about CVE-2025-62312 are not publicly available in the provided documents. The materials describe basic authentication usage but do not specify affected products, versions, root cause, or remediation. Monitor for updates.
CVE-2020-37094
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and...
CVE-2020-37094
EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token reuse vulnerability that allows authenticated attackers to bypass two-factor authentication by exploiting token-to-password-hash mapping in application/Espo/Core/Utils/Authentication/Espo.php. Attackers can obtain an authentication tok...
CVE-2020-37094
EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token reuse vulnerability that allows authenticated attackers to bypass two-factor authentication by exploiting token-to-password-hash mapping in application/Espo/Core/Utils/Authentication/Espo.php. Attackers can obtain an authentication tok...
CVE-2020-37094
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and...
CVE-2020-37094 EspoCRM 5.7.0 < 5.9.0 - Two-Factor Authentication Bypass via Auth Token Reuse Between Accounts with Identical Passwords
EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token reuse vulnerability that allows authenticated attackers to bypass two-factor authentication by exploiting token-to-password-hash mapping in application/Espo/Core/Utils/Authentication/Espo.php. Attackers can obtain an authentication tok...
CVE-2020-37094
EspoCRM (versions affected: 5.7.0 before 5.9.0) has an authentication token reuse vulnerability that can bypass two‑factor authentication. The issue arises from token-to-password-hash mapping in application/Espo/Core/Utils/Authentication/Espo.php, allowing an attacker to obtain a token for one ac...
EspoCRM 安全漏洞
EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Version 5.8.5 of EspoCRM contains a security vulnerability. This vulnerability stems from an...
PT-2026-5844
Name of the Vulnerable Software and Affected Versions EspoCRM version 5.8.5 Description The software contains an authentication issue that allows unauthorized access to user accounts. Attackers can manipulate authorization headers, specifically decoding and modifying Basic Authorization and...
EUVD-2022-48798
Malicious code in bioql PyPI...
CVE-2022-45956
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...
CVE-2025-32862
CVE-2025-32862 concerns Siemens TeleControl Server Basic. Affected: all versions
Grafana -- Authorization bypass in data source proxy API
Grafana Labs reports: This vulnerability, which was discovered while reviewing a pull request from an external contributor, effects Grafana’s data source proxy API and allows authorization checks to be bypassed by adding an extra slash character / in the URL path. Among Grafana-maintained data...
Boa Web Server v0.94.14 - Authentication Bypass
Exploit Title: Boa Web Server v0.94.14 - Authentication Bypass Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://github.com/gpg/boa CVE: N/A Tested on: Debian 5.18.5 Description : Boa Web Server Versions from 0.94.13 - 0.94.14 fail to validate the correct security constraint on th...
CVE-2022-45956
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...
CVE-2022-45956
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...
Authorization
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...
PT-2022-27698 · Unknown · Boa Web Server
Name of the Vulnerable Software and Affected Versions: Boa Web Server versions 0.94.13 through 0.94.14 Description: The issue allows bypassing of the Basic Authorization mechanism due to a failure in validating the correct security constraint on the HEAD HTTP method. Recommendations: For Boa Web...