21 matches found
CVE-2026-42602
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...
CVE-2025-10640 Missing Server-Side Authentication Checks in EfficientLab WorkExaminer Professional
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive...
Work Examiner Professional Security Vulnerability
Work Examiner Professional is an employee computer monitoring software from Work Examiner USA. A security vulnerability exists in Work Examiner Professional that stems from a lack of authentication checks on the server side, which could allow an unauthenticated attacker to bypass the login prompt...
Rancher Security Vulnerability
Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations that deploy containers in production environments. A security vulnerability exists in Rancher that stems from a lack of server-side authentication, which could lead to...
CVE-2025-9495
The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...
PT-2025-39104
Name of the Vulnerable Software and Affected Versions: Vitogate 300 (affected versions not specified). Description: The web interface does not properly enforce server-side authentication, relying instead on frontend-based authentication controls. This allows an attacker to bypass login restrictions by...
WordPress plugin WP Hotel Booking Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Cisco Unified Intelligence Center Security Vulnerability
Cisco Unified Intelligence Center is a web-based reporting platform from Cisco USA. The platform provides the ability to present report-related business data and call center data. A security vulnerability exists in Cisco Unified Intelligence Center that stems from insufficient server-side...
Cisco Identity Services Engine Security Vulnerability
Cisco Identity Services Engine (Cisco ISE) is an environment-aware platform from Cisco USA. The platform regulates the network by collecting real-time information from the network, users, and devices, and formulating and enforcing policies accordingly. The Cisco Identit...
Hikvision HikCentral Professional Security Vulnerability
Hikvision HikCentral is a security management software from Hikvision China. A security vulnerability exists in Hikvision HikCentral Professional V2.5.1 and prior versions, which stems from insufficient server-side authentication and could allow an attacker to access certain URLs that they should...
Cloudflare Zero Trust Security Breach
Cloudflare Zero Trust is Cloudflare's replacement for traditional security perimeters, providing teams around the world with a platform for a faster, more secure Internet. Cloudflare Zero Trust suffers from a security vulnerability that stems from a lack of server-side authentication, where an...
Suprema BioStar 2 Security Vulnerability
Suprema BioStar 2 is a web-based biometric security smart lock platform from Suprema Korea. A security vulnerability exists in Suprema BioStar 2 versions prior to v2.9.1, which stems from a lack of server-side authentication. An attacker can exploit this vulnerability to gain system administrator...
Safe Software FME Server Security Vulnerability
Safe Software FME Server is a web-based data conversion application from Safe Software Canada Inc. It is used to automate data and application integration workflows in a code-free environment. A security vulnerability exists in Safe Software FME Server v2022.0.1.1 and prior versions, which stems...
CVE-2022-33139
A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...
Default configuration
A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...
Siemens SIMATIC WinCC OA Authorization Issue Vulnerability
Siemens SIMATIC WinCC OA is a SCADA operating system from Siemens, Germany. It is used to control and monitor industrial applications. A security vulnerability exists in Siemens SIMATIC WinCC OA that stems from the application using only client-side authentication when both server-side...
PT-2022-3046 · Siemens · Simatic Wincc Oa V3.17 +4
Name of the Vulnerable Software and Affected Versions: Cerberus DMS (all versions); Desigo CC (all versions); Desigo CC Compact (all versions); SIMATIC WinCC OA V3.16 (all versions); SIMATIC WinCC OA V3.17 (all versions); SIMATIC WinCC OA V3.18 (all versions). Description: A vulnerability has been identified in th...
CVE-2022-24883
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server-side authentication against a SAM file might be successful for invalid credentials if the server has configured an invalid SAM file path. FreeRDP-based clients are not affected. RDP server...
D-Link DIR-601 Authentication Bypass Vulnerability
The D-Link DIR-601 B1 is a wireless router from AUO D-Link of Taiwan, China. An authentication bypass vulnerability exists in the D-Link DIR-601 B1 version 2.00NA, which originates from a program that only authenticates on the client side and fails to authenticate on the server side. An attacker...