
22 matches found

RedHat Linux
added 2026/05/26 6:40 a.m. | 38 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8 CVSS | 5.8 AI score | 0.0105 EPSS
Exploits: 0 | References: 5
Snyk
added 2026/05/07 1:23 p.m. | 7 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication due to the improper handling of usernames containing a NUL character when the server is configured with RSA-PSK. An attacker can gain unauthorized access by sending a specially crafted username that causes the server...

9.8 CVSS | 5.8 AI score | 0.0105 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/07 12:0 p.m. | 13 views

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

7.1 CVSS | 5.8 AI score | 0.0105 EPSS
Exploits: 0 | References: 15
Cvelist
added 2026/03/02 11:14 a.m. | 25 views

CVE-2025-30035 Lack of API authentication allowing session generation for any user

The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...

9 CVSS | 0.00207 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-2922

Malicious code in bioql PyPI...

7.5 CVSS | 7.4 AI score | 0.00642 EPSS
Exploits: 0 | References: 8
ATTACKERKB
added 2024/11/14 3:15 p.m. | 4 views

CVE-2022-2232

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions...

7.5 CVSS | 5.8 AI score | 0.00642 EPSS
Exploits: 0 | References: 6
NVD
added 2024/11/14 3:15 p.m. | 63 views

CVE-2022-2232

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions...

7.5 CVSS | 0.00642 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2024/02/08 12:31 p.m. | 31 views

CVE-2022-2232

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. Mitigation: This flaw requires a misconfiguration of the "UUID LDAP Attribute" values. When they are set to the standard...

7.5 CVSS | 6.6 AI score | 0.00642 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2024/01/09 4:9 p.m. | 8 views

keycloak: LDAP injection on username input

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions...

7.5 CVSS | 5.7 AI score | 0.00642 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2024/01/09 4:8 p.m. | 2 views

keycloak: LDAP injection on username input

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions...

7.5 CVSS | 5.7 AI score | 0.00642 EPSS
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 6:10 a.m. | 4 views

SUSE CVE-2007-5797

SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database...

7.5 CVSS | 7.2 AI score | 0.03145 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2021/06/10 12:0 a.m. | 47 views

SUSE SLES11 Security Update : squid3 (SUSE-SU-2020:14460-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14460-1 advisory. - An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This...

9.9 CVSS | 7.5 AI score | 0.74477 EPSS
Exploits: 1 | References: 60
CNVD
added 2020/09/30 12:0 a.m. | 3 views

GitLab Username Format Restriction Bypass Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A vulnerability exists in GitLab versions prior to 13.1 that can be exploited to bypass the usernam...

8.3 CVSS | 6.8 AI score | 0.01418 EPSS
Exploits: 1 | References: 1
CNVD
added 2020/08/21 12:0 a.m. | 3 views

Vehicle Parking Management System Authentication Bypass Vulnerability

Vehicle Parking Management System is a PHP + MySQL based parking management system. An authentication bypass vulnerability exists in Vehicle Parking Management System 1.0. The vulnerability can be exploited to bypass authentication via "Username: admin' && Password: Write Something"...

9.8 CVSS | 7.1 AI score | 0.01379 EPSS
Exploits: 0 | References: 1
CNVD
added 2018/10/17 12:0 a.m. | 1 views

Wordpress plugin Wordfence username bypass vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A username bypass vulnerability exists in the WordPress plugin Wordfence, which can be exploited by an attacker to obtain usernam...

6.7 AI score
Exploits: 0 | References: 1
Debian CVE
added 2016/12/11 2:0 a.m. | 29 views

CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

9.8 CVSS | 9.5 AI score | 0.01964 EPSS
Exploits: 0
0day.today
added 2016/11/04 12:0 a.m. | 152 views

WhatsApp Web Username Bypass Vulnerability

Exploit for tricks platform in category remote exploits Title: Web WhatsApp Username Bypass Date: 31.10.2016 Author: Glumi Software Link: https://web.whatsapp.com/ Why this works: Web WhatsApp is filtering null bytes for all username inputs but this can be bypassed by using the "NOP"-character 0x9...

7.1 AI score
Exploits: 0
Packet Storm
added 2016/10/21 12:0 a.m. | 57 views

Telegram Web 0.5.5 Username Bypass

Exploit Title: Telegram Web Empty Username Bypass Date: 18/10/2016 Author: Ashiyane Digital Security Team Software Link: https://web.telegram.org version : Telegram Web 0.5.5 Tested on: Windows 7 Description: Telegram filters null bytes for username input but you can bypass this filter with "NOP"...

7.4 AI score
Exploits: 0
0day.today
added 2015/03/20 12:0 a.m. | 53 views

Smart PHP Poll - Auth Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Smart PHP Poll Auth Bypass Vulnerability Google Dork: Copyright Smart PHP Poll. All Rights Reserved. Exploit Author: Mr.tro0oqy from Yemen Email : email protected Download Script...

7.1 AI score
Exploits: 0
RedHat Linux
added 2005/02/15 9:37 a.m. | 2 views

security flaw

squidldapauth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server...

7.5 CVSS | 5.9 AI score | 0.31942 EPSS
Exploits: 0 | References: 4