Lucene search

16 matches found

Cvelist
added 2026/05/29 5:45 p.m., 29 views

CVE-2026-44649 SillyTavern: Authentication Bypass via SSO Header Injection

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

CVSS 9.8, EPSS 0.00218
Exploits 0, References 1
OSV
added 2026/05/15 6:17 p.m., 8 views

GHSA-QXVM-R42F-5P8J AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the uploaded filename and calls passwordless `User->login()`, allowing any caller with the Meet shared secret to obtain a session as arbitrary users including admin

Summary Type: Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint plugin/Meet/uploadRecordedVideo.json.php authenticates the caller using a single shared Authorization: Bearer against $objM->secret. Once that check passes, the endpoint reads the...

CVSS 8.1, AI score 5.9
Exploits 0, References 2
EUVD
added 2026/04/20 6:31 a.m., 6 views

EUVD-2026-23753

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet...

CVSS 7.1, AI score 5.8, EPSS 0.0026
Exploits 0, References 4
OSV
added 2026/01/13 11:16 p.m., 5 views

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVSS 9.3, AI score 5.7
Exploits 0, References 3
Vulnrichment
added 2026/01/13 10:52 p.m., 4 views

CVE-2023-54335 eXtplorer <= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVSS 9.8, AI score 7.5, EPSS 0.04962
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2017-2248

Malware in sbrugna...

CVSS 10, AI score 9.5, EPSS 0.01822
Exploits 0, References 3
CNNVD
added 2023/08/08 12:0 a.m., 5 views

SAP Commerce Security Breach

SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. A security vulnerability exists in SAP Commerce that originates from a null password that could accept user ID and password...

CVSS 9.8, AI score 6.7, EPSS 0.00614
Exploits 0, References 4
CNNVD
added 2022/11/15 12:0 a.m., 6 views

Wiesemann & Theis Com-Server Family Access Control Error Vulnerability

The Wiesemann & Theis Com-Server Family is a family of serial device servers from Wiesemann & Theis, Germany. An access control error vulnerability exists in Wiesemann & Theis Com-Server Family. A remote attacker could exploit this vulnerability to log in to the system without knowing the passwor...

CVSS 9.8, AI score 8.4, EPSS 0.01001
Exploits 0, References 3
OSV
added 2022/09/19 8:15 p.m., 3 views

CVE-2022-23767

This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereb...

CVSS 9.8, AI score 5.7, EPSS 0.00806
Exploits 0, References 1
Hacker One
added 2019/03/21 3:27 a.m., 26 views

Ubiquiti Inc.: Login as root without password on EdgeSwitchX

In EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" SOCKS proxy functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in th...

CVSS 5.8, AI score 4, EPSS 0.00809
Exploits 0
OSV
added 2018/05/01 5:29 p.m., 2 views

DEBIAN-CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

CVSS 9.8, AI score 9.6, EPSS 0.02991
Exploits 0, References 1
CNVD
added 2018/03/12 12:0 a.m., 3 views

Mobile's customized "Magic Box" smart set-top box has smart hardware vulnerabilities

Smart Set Top Box is a set top box product from ZTE Corporation. A smart hardware vulnerability exists in the mobile customized "Magic Box" smart set-top box. An attacker can use the vulnerability to communicate with the device using a ttl line, log in to the operating system without password...

AI score 7.1
Exploits 0
OSV
added 2017/07/17 1:18 p.m., 5 views

CVE-2017-10601

A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to log in through console, ssh, ftp, telnet or su, etc. This issue relies upon a device configuration precondition to occur. Typically...

CVSS 9.8, AI score 5.8, EPSS 0.01822
Exploits 0, References 2
OpenVAS
added 2009/04/09 12:0 a.m., 26 views

Mandriva Update for kdebase MDKSA-2007:190 (kdebase)

Check for the Version of kdebase OpenVAS Vulnerability Test Mandriva Update for kdebase MDKSA-2007:190 kdebase Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CVSS 6.8, AI score 6.3, EPSS 0.01015
Exploits 0, References 2
securityvulns
added 2007/09/25 12:0 a.m., 40 views

KDE kdm privilege escalation

It's possible to login without password under certain circumstances...

CVSS 6.8, AI score 3.3, EPSS 0.01015
Exploits 0, References 1, Affected Software 1
0day.today
added 2005/03/21 12:0 a.m., 58 views

phpMyFamily <= 1.4.0 Admin Bypass SQL Injection

Exploit for unknown platform in category web applications =============================================== phpMyFamily = 1.4.0 Admin Bypass SQL Injection =============================================== Tested with version 1.2.5 /str0ke Login as admin without pass: Login: "' OR 'a'='a' AND...

AI score 7.1
Exploits 0