122 matches found
D-Link DSL 2888a - Authentication Bypass/Remote Command Execution
D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. id: CVE-2020-24579 info: name: D-Li...
RWS WorldServer - Authentication Bypass
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint. id: CVE-2022-34267 info: name: RWS...
Control iD iDSecure - Authentication Bypass
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative use...
EUVD-2019-16386
Malware in sbrugna...
EUVD-2019-16408
Malware in sbrugna...
EUVD-2023-29508
Malicious code in bioql PyPI...
EUVD-2022-35444
Malicious code in bioql PyPI...
EUVD-2022-35585
Malicious code in bioql PyPI...
EUVD-2021-9899
Malicious code in bioql PyPI...
CVE-2024-10511
A CWE-287: Improper Authentication vulnerability exists that could cause denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL...
CVE-2019-6854
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA (with initial releases before 1 January 2019) which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...
CVE-2019-6832
A CWE-287: Authentication vulnerability exists in spaceLYnk all versions before 2.4.0 and Wiser for KNX all versions before 2.4.0 - formerly known as homeLYnk, which could cause loss of control when an attacker bypasses the authentication...
Exploit for CVE-2025-0011
kentico-xperience13-AuthBypass-2025-0011 If you’re reading...
CVE-2025-0813
The CVE-2025-0813 entry concerns the Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI). The connected sources describe an authentication bypass vulnerability caused by improper authentication, which can be exploited when an unauthorized user with physical access to t...
CVE-2024-47592 Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application)
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability...
Security Bulletin: IBM Storage Protect Server is susceptible to multiple vulnerabilities due to key-value store "etcd" (CVE-2018-1098, CVE-2018-1099, CVE-2022-34038, CVE-2021-2823)
Summary: The distributed key-value store, etcd, used by IBM Storage Protect Server is vulnerable to cross-site scripting, denial of service, or unauthorized access to the host system. This bulletin outlines the steps to address these vulnerabilities. Vulnerability Details: CVEID: CVE-2018-1098...
CVE-2024-45115
Adobe Commerce CVE-2024-45115 affects multiple 2.4.x releases (2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Authentication vulnerability that can escalate privileges without user interaction. The issue is documented with a high-impact CVSS v3.1 (9.8, AV:N/AC:L/PR:N/UI:N/S...
CVE-2024-45115 Adobe Commerce | Improper Authentication (CWE-287)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application...
CVE-2024-45148 Adobe Commerce | Improper Authentication (CWE-287)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials...
CVE-2024-42336 Servision - CWE-287: Improper Authentication
Servision - CWE-287: Improper Authentication...