| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. |
| Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload. |
| Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload. |
| Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows. |
| An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which can cause secret sharing. |
| A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited. |
| A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. |
| A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been made public and could be used. |
| The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including administrative accounts, without providing valid credentials. |
| Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api-key/create` route. `session?.user ?? (authRequired ? null : { id: ctx.body.userId })`. When no session exists but `userId` is present in the request body, `authRequired` becomes false and the user object is set to the attacker-controlled ID. Server-only field validation only executes when `authRequired` is true (lines 280-295), allowing attackers to set privileged fields. No additional authentication occurs before the database operation, so the malicious payload is accepted. The same pattern exists in the update endpoint. This is a critical authentication bypass enabling full an unauthenticated attacker can generate an API key for any user and immediately gain complete authenticated access. This allows the attacker to perform any action as the victim user using the api key, potentially compromise the user data and the application depending on the victim's privileges. Version 1.3.26 contains a patch for the issue. |
| A flaw has been found in code-projects Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/addslideexec.php. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. |
| A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. |
| A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. |
| Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability. |
| **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version for this vulnerability is 7.6.04 only. |
| An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin. |
| An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. |
| Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI. |
| In JotUrl 2.0, is possible to bypass security requirements during the password change process. |
| A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used. |
