CVE-2026-8327

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...

CVE-2026-40810

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40810

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40810 Unauthenticated SQLi in userinfo Endpoint

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

EUVD-2026-32110

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40810 Unauthenticated SQLi in userinfo Endpoint

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40810

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40810

An unauthenticated SQL injection vulnerability affects the userinfo endpoint, due to improper neutralization of special elements in a SQL SELECT command. A remote attacker can exploit it to cause a total loss of confidentiality. CVE-2026-40810 has CVSS v3.1 base score 7.5 (HIGH) and CVSS v4.0 bas...

PT-2026-43550

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...

Astra Linux - уязвимость в php8.1, php7.3

In PHP versions 8.1. before 8.1.29, and 8.2. before 8.2.20, and 8.3. before 8.3.8, due to a code logic error, filtering functions such as filterVar when validating URLs using FILTERVALIDATEURL will result in invalid user information such as username and password parts of URLs being treated as val...

Astra Linux - уязвимость в wget

In GNU Wget version 1.24.5, url.c handles semicolons in the userinfo subcomponent of a URI incorrectly. As a result, there may be insecure behaviors where data that should be within the userinfo subcomponent is misinterpreted as being part of the host subcomponent...

Astra Linux - уязвимость в lynx

Lynx versions up to 2.8.9 mishandled the userinfo subcomponent of a URI, allowing remote attackers to discover cleartext credentials, as these credentials might appear in SNI data...

Incorrect Implementation of Authentication Algorithm

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm through the TokenManager and OIDC endpoint token checks ...

JLSEC-2026-120

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

CLSA-2026-1775643576 squid: Fix of CVE-2023-46848

CVE-2023-46848: fix userinfo percent-encoding...

CVE-2026-35030 LiteLLM has an authentication bypass via OIDC userinfo cache key collision

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, when JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20...

User Impersonation

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to User Impersonation in the getoidcuserinfo function. An attacker can gain unauthorized access to another user's identity and permissions by crafting a token with the same...

GHSA-JJHC-V7C2-5HH6 LiteLLM: Authentication bypass via OIDC userinfo cache key collision

Impact When JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...