160683 matches found
Hunting-Bugs
2026 Practical Bug Bounty Guide Built on real-world experie...
SUSE CVE-2026-48842
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...
CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...
EUVD-2026-32212
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...
CVE-2026-9689
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...
CVE-2026-9689
CVE-2026-9689 affects Keycloak, an open-source identity and access management solution. The issue lies in the OIDC redirect URI handling when a client accepts broad redirect URIs, enabling an attacker to craft a special web address that could cause the client to prefer attacker-controlled informa...
CVE-2026-42760 WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...
CVE-2026-42745 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-42745
The CVE-2026-42745 entry concerns the WordPress Clover plugin ( Clover Online Orders) version <= 1.6.0, where a Broken Authentication vulnerability allows bypassing authentication via an alternate path or channel. Documents consistently describe an authentication bypass affecting the Smart Onl...
EUVD-2026-32198
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...
CVE-2026-42749 WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...
CVE-2026-42749
CVE-2026-42749 concerns a vulnerability in the WordPress plugin “Disable Comments for Any Post Types (Remove comments)” by Themeisle. Connected documents specify a Broken Authentication issue that enables an authentication bypass via an alternate path/channel, with potential for “Password Recover...
CVE-2026-42760 WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...
CVE-2026-42749 WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...
CVE-2026-42745 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
EUVD-2026-32208
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...
CVE-2026-42749
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...
CVE-2026-42745
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-42760
CVE-2026-42760 concerns the WordPress plugin “Backup and Staging by WP Time Capsule” (revmakx) where the vulnerability enables an authentication bypass via an alternate path or channel, enabling password-recovery exploitation. Affected: wp-time-capsule plugin versions from n/a up to and including...
EUVD-2026-32194
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...