114 matches found
CVE-2026-43512
A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password "null". This allows a remote attacker to bypass security controls. Mitigation To mitigate this issue, disable DIGEST...
GHSA-PXF8-6WQM-R6HH Note Mark: OIDC-registered users authenticated by submitting password "null"
Summary IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the IsPasswordMatch function. An attacker can gain unauthorized access to accounts registered through OIDC by submitting the password "null" to the internal login endpoint, which results in a valid session...
PT-2026-35503
Name of the Vulnerable Software and Affected Versions Note Mark versions prior to 0.19.3 Description An authentication bypass exists in the internal login endpoint. The IsPasswordMatch function in backend/db/models.go uses a hard-coded bcrypt"null" placeholder when a user has no stored password...
EUVD-2026-23758
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...
CVE-2026-32965
CVE-2026-32965 affects silex technology SD-330AC and AMC Manager. The vulnerability arises from initializing a resource with an insecure default configuration, allowing a device on factory-default settings to be configured with a null string password upon network connection. This has potential im...
CVE-2026-32965
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...
CVE-2026-32965
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...
CVE-2026-32965
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...
PT-2026-33703
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...
EUVD-2004-2434
Malware in sbrugna...
EUVD-2006-4591
Malware in sbrugna...
EUVD-2019-14628
Malware in sbrugna...
EUVD-2012-3343
Malware in sbrugna...
EUVD-2019-0562
Malware in sbrugna...
EUVD-2002-1610
Malware in sbrugna...
EUVD-2002-1751
Malware in sbrugna...
EUVD-2005-0571
Malware in sbrugna...
EUVD-2012-1157
Malware in sbrugna...
EUVD-2001-0269
Malware in sbrugna...