CVE-2026-49490

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

Antsle antman authentication bypass vulnerability

Antsle antman is a private cloud server product from Antsle USA. A security vulnerability exists in Antsle antman prior to version 0.9.1a, which stems from the login process using Java's ProcessBuilder class and a bash script that fails to adequately filter input when calling antsle-auth. A remot...

antMan 0.9.0c Authentication Bypass

Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POST parameters as follows:...

antMan 0.9.0c - Authentication Bypass

Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POST parameters as follows:...