33 matches found
CVE-2024-50645
MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...
CVE-2024-50645
MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...
CVE-2024-50641
An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token...
CVE-2024-50641
An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token...
CVE-2025-50904
There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 2025-06-11. An attacker can exploit this vulnerability to access /admin/ API without any token...
CVE-2024-57491
Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this vulnerability to access sensitive API without any token via the preHandle function...
CVE-2024-57491
Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this vulnerability to access sensitive API without any token via the preHandle function...
CVE-2024-57157
Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token...
CVE-2024-57155
Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token...
CVE-2024-57491
CVE-2024-57491 affects jobx (up to v1.0.1-RELEASE). The vulnerability is an authentication bypass in the preHandle function, allowing access to sensitive APIs without a token. CVSSv3.1 base score 8.8 (HIGH) with network attack vector, low attack complexity, no privileges required, user interactio...
Moodle 安全漏洞
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from an administrative "move up" and "move down" operation that does n...
Kubernetes: Tokenless GUI Authentication
Report Submission Form Summary: A person has the ability to bypass the login screen using the 401 error code produced from a failed token login. The user is given the privileges of an system:anonymous user. Kubernetes Version: kubectl, kubeadm, kubelet 1.22.2 Ubuntu 20.04.3 - 64bit Component...
3: authentication bypass for elasticsearch with external routes
An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices...