phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check in phpMyFAQ
Summary A review of phpMyFAQ-main uncovered an authorization issue in the admin-api routes. Several backend endpoints only check whether the caller is logged in. They do not verify that the caller actually has backend or administrative privileges. As a result, a normal frontend user can access AP...
CVE-2026-0999
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
CVE-2021-47777
Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify...
CVE-2021-47777
Build Smart ERP 21.0817 contains an unauthenticated SQL injection in the login validation endpoint, via the eidValue parameter. The root cause is an SQL injection vulnerability that allows stacked queries (e.g., ';WAITFOR DELAY '0:0:3'--'), enabling manipulation of database queries and potentiall...
RIB Build Smart ERP SQL Injection Vulnerability
RIB Build Smart ERP is an enterprise resource planning system developed by RIB Corporation for the construction industry. Version 21.0817 of RIB Build Smart ERP has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the eidValue parameter in the login validati...
SICK TDC-X401GL has security vulnerabilities
The SICK TDC-X401GL is an edge computing gateway developed by the German company SICK. The SICK TDC-X401GL has a security vulnerability, which stems from improper validation of login parameters. This vulnerability may allow attackers to redirect users to malicious websites after authentication...
EUVD-2013-1227
Malware in sbrugna...
EUVD-2022-41588
Malicious code in bioql PyPI...
EUVD-2023-53713
Malicious code in bioql PyPI...
EUVD-2022-3813
Malicious code in bioql PyPI...
CVE-2024-36673
CVE-2024-36673 affects Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0. The vulnerability is an SQL Injection in login.php caused by inadequate validation of the email and password inputs, enabling injection of malicious SQL queries. Documented impact is high for confidentiality, i...
CVE-2023-50821
CVE-2023-50821 affects Siemens SIMATIC WinCC/PCS 7 products (various V9.1/V17/V18/V19/V7.5/V8.0 lines). The root cause is improper validation of input in the login dialog, described as a classic buffer overflow in some sources, enabling a local attacker to cause a persistent denial-of-service con...
CVE-2023-50821
A vulnerability has been identified in SIMATIC PCS 7 V9.1 All versions < V9.1 SP2 UC04, SIMATIC WinCC Runtime Professional V17 All versions < V17 Update 8, SIMATIC WinCC Runtime Professional V18 All versions < V18 Update 4, SIMATIC WinCC Runtime Professional V19 All versions < V19 Update 1, SIMATIC WinCC...
PT-2023-28721 · Macrob7 · Macrob7 Macs Framework Content Management System
Name of the Vulnerable Software and Affected Versions: Macrob7 Macs Framework Content Management System CMS version 1.1.4f Description: The issue is related to a PHP type confusion vulnerability due to loose comparison in the isValidLogin function during a login attempt. This vulnerability can le...
PT-2023-17316 · WordPress · Directorist
Name of the Vulnerable Software and Affected Versions: Directorist plugin for WordPress versions up to and including 7.5.4 Description: The issue is caused by a lack of validation checks within the login.php file, allowing authenticated attackers with subscriber-level permissions and above to res...
CVE-2022-39042
aEnrich a+HRD has improper validation in its login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API functions to execute arbitrary system commands or disrupt service...
SQL injection
A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to SQL injection. It is possible to initiate the attack remotely. The associated...
CVE-2022-33736
A vulnerability has been identified in Opcenter Quality V13.1 All versions < V13.1.20220624, Opcenter Quality V13.2 All versions < V13.2.20220624. The affected applications do not properly validate login information during authentication. This could lead to a denial-of-service condition for existing...