22 matches found
CVE-2025-56221
A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack...
CVE-2025-57788
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...
CVE-2025-57788
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...
CVE-2025-57788 Unauthorized API Access Risk
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...
CVE-2012-10047
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a...
CVE-2025-27456
The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...
PT-2025-27785 · Endress+Hauser · Endress+Hauser Meac300-Fnade4
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The login mechanism of the affected system does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to...
PT-2025-25321 · Sick Ag · Sick Media Server
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a login mechanism that does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromise the server. Recommendations...
CVE-2024-12839 Changing Information Technology CGFIDO - Authentication Bypass
The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote...
GHSA-3X57-M5P4-RGH4 ZendOpenID potential security issue in login mechanism
Using the Consumer component of ZendOpenId or ZendOpenId in ZF1, it is possible to login using an arbitrary OpenID account without knowing any secret information by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity MyOpenID, Google, etc,...
OESA-2024-1443 libgsasl security update
The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...
OESA-2024-1441 libgsasl security update
The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...
OESA-2024-1445 libgsasl security update
The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...
CVE-2022-41333
An uncontrolled resource consumption vulnerability CWE-400 in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests...
CVE-2021-35498 TIBCO EBX Insecure Login Mechanism
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it...
Online Polling System 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Polling System 1.0 - Authentication Bypass Author: AppleBois Version: NULL Software Link: https://www.sourcecodester.com/php/14330/online-polling-system.html Administration Control Panel || Authentication Bypass...
CVE-2017-11187
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly...
Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer
More info at https://framework.zend.com/security/advisory/ZF2014-02...
Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer
More info at https://framework.zend.com/security/advisory/ZF2014-02...
Bypassing Google Two Factor Authentication
Duo Security found a loophole in Google's authentication system that allowed them to Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor...