EUVD-2025-210078

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...

📄 Hestia Control Panel 1.9.3 Code Execution

Hestia Control Panel version 1.9.3 code injection proof of concept exploit written in PHP that leverages cronjobs. ============================================================================================================================================= | Title : Hestia Control Panel 1.9.3 PHP...

EUVD-2020-30784

Malware in sbrugna...

EUVD-2021-23612

Malware in sbrugna...

EUVD-2008-1143

Malware in sbrugna...

EUVD-2003-1196

Malware in sbrugna...

EUVD-2016-8016

Malware in sbrugna...

EUVD-2022-28217

Malicious code in bioql PyPI...

EUVD-2021-28672

Malicious code in bioql PyPI...

EUVD-2023-59311

Malicious code in bioql PyPI...

EUVD-2023-27550

Malicious code in bioql PyPI...

EUVD-2024-33031

Malicious code in bioql PyPI...

EUVD-2023-33922

Malicious code in bioql PyPI...

CVE-2025-6688

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the createuser function. This makes it possible for unauthenticated attackers to log in as...

CVE-2025-4973 Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account'

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an accoun...

Abandoned Cart Lite for WooCommerce - Authentication Bypass

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...

CVE-2023-3162

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to...

CVE-2021-41286

Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...

CVE-2014-5101

Multiple cross-site scripting XSS vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 TPLname, 2 TPLnick, 3 TPLemail, 4 TPLyear, 5 TPLaddress, 6 TPLcity, 7 TPLprov, 8 TPLzip, 9 TPLphone, 10 TPLppemail, 11 TPLauthnetid, 12 TPLauthnetpass, 13...

CVE-2024-12225 Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default...