9 matches found
CVE-2026-59218
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than...
EUVD-2026-42617
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than...
CVE-2026-59218
Open WebUI prior to version 0.10.0 exposed an account enumeration flaw in the /api/v1/auths/signin endpoint. The login flow looked up users by email and only performed bcrypt verification when a credential existed, causing registered accounts to respond more slowly than missing email attempts. Th...
CVE-2018-25202 SAT CFDI 3.3 SQL Injection via signIn endpoint
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...
CVE-2024-0545
A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiate...
PT-2024-15645 · Unknown · Codecanyon Rise Ultimate Project Manager
Name of the Vulnerable Software and Affected Versions: CodeCanyon RISE Rise Ultimate Project Manager version 3.5.3 Description: A problematic vulnerability was found in the CodeCanyon RISE Rise Ultimate Project Manager, affecting the file /index.php/signin. The manipulation of the redirect argume...
CVE-2023-31719
FUXA = 1.1.12 is vulnerable to SQL Injection via /api/signin...
FUXA SQL Injection Vulnerability
FUXA is an open source web-based process visualization SCADA/HMI/Dashboard software. A security vulnerability exists in FUXA version 1.1.12 and earlier, which stems from vulnerability to SQL injection attacks via /api/signin...
CVE-2022-30628
It was possible to download all receipts without authentication. Must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then you can then access the API that provides invoice images based on the URL...