GHSA-9WMW-9WPH-2VWP Dagu: SSE Authentication Bypass in Basic Auth Mode
SSE Authentication Bypass in Basic Auth Mode. Summary: When Dagu is configured with HTTP Basic authentication (DAGUAUTHMODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG execution data, workflow...
Flux-Operator security vulnerabilities
Flux-Operator is a lifecycle management software developed by ControlPlane Enterprise for Flux CD. Versions of Flux-Operator from 0.36.0 to 0.40.0 contained security vulnerabilities. These vulnerabilities stemmed from the Web UI authentication code not verifying whether the generated username and...
PT-2025-51103
The authentication mechanism on the web interface is not properly implemented. It is possible to bypass authentication checks by crafting a POST request with new settings, since there is no session token or authentication in place. This would allow an attacker, for instance, to point the device to an...
EUVD-2017-5507
Malware in sbrugna...
EUVD-2025-19894
Malicious code in bioql PyPI...
CVE-2025-6763 Comet System H3531 Web-based Management setupA.cfg missing authentication
A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing...
CVE-2021-27395
A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier All versions, SIMATIC Process Historian 2014 All versions SP3 Update 6, SIMATIC Process Historian 2019 All versions, SIMATIC Process Historian 2020 All versions. An interface in the software that is used for critica...
The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller (NDFC) lies in the lack of authentication, which allows a malicious actor to influence the integrity of the protected information.
The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller (NDFC) relates to the absence of authentication. Exploiting this vulnerability can allow a malicious actor to influence the integrity of the protected information...
A vulnerability in the `index.php?c=api` script of the OneNav bookmark management interface allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the /index.php?c=api interface of the OneNav bookmark management program is related to deficiencies in the authentication process due to incorrect generation of tokens with the X-Token parameter. Exploiting this vulnerability allows a malicious actor to compromise the...
Microsoft OMI Management Interface Authentication Bypass Exploit
By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. This module requires Metasploi...
CVE-2018-19537
TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...
CVE-2017-13992
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution...
CVE-2017-13992
The CVE-2017-13992 entry documents an Insufficient Entropy issue in LOYTEC LVIS-3ME, affected in versions prior to 6.2.0. The web interface authentication relies on weak RNG, which could enable remote code execution. Several sources (NVD, CVE listing, CNVD, PRION, etc.) confirm the issue and link...
LOYTEC LVIS-3ME Remote Code Execution Vulnerability
LVIS-3ME is a graphical user interface from LOYTEC. A remote code execution vulnerability exists in LOYTEC LVIS-3ME versions prior to 6.2.0, which can be exploited by an attacker to remotely execute arbitrary code due to the application's failure to utilize a sufficiently random number to generat...
Security Advisory - Web Interface Authentication Bypass Vulnerability in Huawei Tecal RH2285 V2 Server
Tecal RH2285 V2 is a next-generation 2 U 2-socket rack server. Featuring two Intel® Xeon® E5-2400 series processors, the RH2285 V2 provides large storage capacity, flexible scalability, and superb cost-effectiveness, which is an ideal hardware platform for big data and distributed storage...
Multiple Xerox WorkCentre products unauthorized access
It's possible to bypass authentication for Web interface access...
Linksys multiple routers buffer overflow
Buffer overflow during Web interface authentication...
Cisco Content Service Switch unauthorized access
It's possible to access administrative interface without authentication...
Buffer overflow in AVTronics InetServer
Buffer overflow during authorization in the Web interface...