Vue Vben Admin - Default Credentials

Vue Vben Admin 2.10.1 contains a broken authentication caused by hardcoded credentials in the backend, letting attackers log in without proper authorization, exploit requires access to the login interface. id: CVE-2025-25570 info: name: Vue Vben Admin - Default Credentials author: 0xAkoko severit...

AVTECH DVR - Login Verification Code Bypass

AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code. id: CVE-2013-4982 info: name: AVTECH DVR - Login Verification Code Bypass author: ritikchaddha severity: low description: | AVTECH DVR products are vulnerable t...

Ruijie RG-EW1200G Router Background - Login Bypass

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

CVE-2026-54106

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

CVE-2026-54106

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

CVE-2026-54106

CVE-2026-54106 affects the U.S. GAO EPDS and CBCA EDS login flow, where X-Forwarded-For headers are not validated. The underlying issue allows a remote attacker who has compromised administrator credentials to bypass network access controls and log in, potentially gaining access to restricted doc...

EUVD-2026-37913

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

PT-2026-50706

Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...

Fortra GoAnywhere Managed File Transfer (MFT) < 7.10.0 Multiple Vulnerabilities

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote host is prior to 7.10.0. It is, therefore, affected by multiple vulnerabilities, including: - The login limit is not enforced on the SFTP service if the Web User is configured...

PT-2026-49831

Name of the Vulnerable Software and Affected Versions Real Testimonials Pro affected versions not specified Product Slider Pro for WooCommerce affected versions not specified Smart Post Show Pro affected versions not specified Description A supply chain compromise occurred where attackers...

Exploit for CVE-2026-36826

CVE-2026-36826: SQL Injection in genesisQL = 1.1.1 Summar...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS before Monterey 12.4 contained security vulnerabilities. These vulnerabilities were due to consistency issues, which could allow those with access to a Mac to bypass th...

CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

CVE-2026-50751

CVE-2026-50751 is a logic-flow weakness in certificate validation during the deprecated IKEv1 key exchange used by Check Point Remote Access VPN, Mobile Access, and Spark Firewall. The flaw allows an unauthenticated attacker to bypass user authentication and establish a VPN session without a vali...

CVE-2026-49194

The debugging routine SCREENCLICK5053 enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface...

CVE-2026-40551

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...

CVE-2026-35090

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

CVE-2026-35087

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

WordPress plugin WP Captcha PRO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...