4 matches found
CVE-2026-57867
CVE-2026-57867 affects MicroRealEstate before or up to 1.0.0-alpha3, due to a lack of token state management that enables adversaries to bypass authentication and brute‑force One‑Time Passwords (OTP) to log in as any user. The root cause is insufficient token state handling, leading to an auth by...
CVE-2025-13768
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability...
CVE-2024-9990
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'cryptoconnectajaxprocess::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the...
CVE-2021-36294
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user...