16 matches found

RedhatCVE
added 2026/03/31 10:58 p.m. · 6 views

CVE-2026-32696

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

3.1 CVSS · 5.8 AI score · 0.00399 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/10/10 1:32 a.m. · 4 views

CVE-2025-60375

The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including...

7.3 CVSS · 7.3 AI score · 0.00266 EPSS
Exploits 1 · References 1
EUVD
added 2025/10/09 9:31 p.m. · 3 views

EUVD-2025-33558

The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including...

6.8 AI score · 0.00266 EPSS
Exploits 1 · References 2
NVD
added 2025/10/09 9:15 p.m. · 5 views

CVE-2025-60375

The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including...

7.3 CVSS · 0.00266 EPSS
Exploits 1 · References 1
Positive Technologies
added 2025/10/09 12:0 a.m. · 3 views

PT-2025-41488

Name of the Vulnerable Software and Affected Versions Perfex CRM versions prior to 3.3.1 Description The authentication process in Perfex CRM has a flaw where server-side validation is inadequate. This allows attackers to bypass normal login procedures by submitting empty values for the username...

7.3 CVSS · 6.7 AI score · 0.00266 EPSS
Exploits 1 · References 3
CVE
added 2025/10/09 12:0 a.m. · 41 views

CVE-2025-60375

CVE-2025-60375 affects Perfex CRM versions prior to 3.3.1. The issue is an authentication bypass caused by insufficient server-side validation of login parameters, allowing an attacker to gain unauthorized access (including admin accounts) by submitting empty username and password values. Exploit...

7.3 CVSS · 6.9 AI score · 0.00266 EPSS
Exploits 1 · References 1
Cvelist
added 2025/10/09 12:0 a.m. · 9 views

CVE-2025-60375

The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including...

0.00266 EPSS
Exploits 1 · References 1
Vulnrichment
added 2025/10/09 12:0 a.m. · 4 views

CVE-2025-60375

The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including...

6.9 AI score · 0.00266 EPSS
Exploits 1 · References 1
OSV
added 2025/09/02 4:46 p.m. · 3 views

GHSA-MXH2-CCGJ-8635 ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header

Summary On the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value e.g., correct username with partial password. This allows access to webserver functionality...

8.1 CVSS · 6.3 AI score · 0.01514 EPSS
Exploits 1 · References 4
RedhatCVE
added 2025/05/23 8:16 a.m. · 1 view

CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...

7.5 CVSS · 5.9 AI score · 0.00746 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2024/12/10 12:0 a.m. · 3 views

The vulnerability of the FormLoginAuthenticator class in the Symfony software development and web application management framework allows an attacker to bypass the authentication process and trigger a service failure.

The vulnerability of the FormLoginAuthenticator class in the Symfony software development and management platform relates to the omission of the empty username or password field during authentication processes. Exploiting this vulnerability could allow an attacker to bypass the authentication...

7.8 CVSS · 5.5 AI score · 0.00746 EPSS
Exploits 0 · References 9 · Affected Software 1
OSV
added 2024/11/29 7:15 p.m. · 3 views

DEBIAN-CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...

7.5 CVSS · 5.4 AI score · 0.00746 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/05/30 12:0 a.m. · 3 views

PT-2024-40463 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue arises when creating new backend user accounts in the TYPO3 backend, potentially leading to database records with insecure or empty credentials being persisted. This occurs when the...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 6
Positive Technologies
added 2024/02/07 12:0 a.m. · 4 views

PT-2024-9246 · Symfony +1

Name of the Vulnerable Software and Affected Versions: Symfony version 7.07 Description: A security issue was identified in the FormLoginAuthenticator component of Symfony, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could...

7.8 CVSS · 6.8 AI score · 0.00746 EPSS
Exploits 0 · References 23
Packet Storm
added 2021/07/03 12:0 a.m. · 180 views

Trojan-Dropper.Win32.SVB.cz Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/d57536189430fd75e45f53845e9b3f94.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.SVB.cz Vulnerability: Authentication Bypass RCE Description: The malware listen...

0.8 AI score
Exploits 0
Typo3
added 2019/01/22 12:0 a.m. · 9 views

Security Misconfiguration for Backend User Accounts

When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in orde...

6.8 AI score
Exploits 0 · Affected Software 1