Lucene search
K

9 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-59218

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than...

5.3CVSS5.9AI score0.0024EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42617

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than...

5.3CVSS5.9AI score0.0024EPSS
Exploits0References4
CVE
CVE
added 3 days ago8 views

CVE-2026-59218

Open WebUI prior to version 0.10.0 exposed an account enumeration flaw in the /api/v1/auths/signin endpoint. The login flow looked up users by email and only performed bcrypt verification when a credential existed, causing registered accounts to respond more slowly than missing email attempts. Th...

5.3CVSS5.9AI score0.0024EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.9 views

CVE-2018-25202 SAT CFDI 3.3 SQL Injection via signIn endpoint

SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...

8.8CVSS6AI score0.00245EPSS
Exploits0References3
OSV
OSV
added 2024/01/15 6:15 a.m.5 views

CVE-2024-0545

A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiate...

6.1CVSS4.9AI score0.0048EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/14 12:0 a.m.8 views

PT-2024-15645 · Unknown · Codecanyon Rise Ultimate Project Manager

Name of the Vulnerable Software and Affected Versions: CodeCanyon RISE Rise Ultimate Project Manager version 3.5.3 Description: A problematic vulnerability was found in the CodeCanyon RISE Rise Ultimate Project Manager, affecting the file /index.php/signin. The manipulation of the redirect argume...

6.9CVSS5.6AI score0.0048EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2023/09/22 12:15 a.m.4 views

CVE-2023-31719

FUXA = 1.1.12 is vulnerable to SQL Injection via /api/signin...

9.8CVSS5.8AI score0.27436EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/21 12:0 a.m.6 views

FUXA SQL Injection Vulnerability

FUXA is an open source web-based process visualization SCADA/HMI/Dashboard software. A security vulnerability exists in FUXA version 1.1.12 and earlier, which stems from vulnerability to SQL injection attacks via /api/signin...

9.8CVSS7.9AI score0.27436EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/07/21 7:13 a.m.2 views

CVE-2022-30628

It was possible to download all receipts without authentication. Must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then you can then access the API that provides invoice images based on the URL...

5.5CVSS5.8AI score0.00177EPSS
Exploits0References2
Rows per page
Query Builder