CVE-2026-8890

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

CVE-2026-8890

The CVE-2026-8890 entry affects code100x Mobile API. The vulnerability is an authentication bypass in the Mobile API’s middleware.ts: when an Auth-Key header is present but not validated, an attacker can inject a crafted JSON payload in the g header, spoofing a user identity that downstream handl...

EUVD-2026-31953

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

CVE-2026-8855

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...

CVE-2026-4051 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...

CVE-2026-4051 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...

CVE-2026-4051

CVE-2026-4051 concerns IBM Engineering Lifecycle Management - Jazz Foundation. Affected products/versions: 7.0.3 (through iFix021), 7.1.0 (through iFix009), 7.2.0 (through iFix001). Root cause: an exposed method that is not properly restricted, enabling a user with administrative privileges to pe...

Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager

CVE-2026-20182 Cisco Catalyst SD-WAN Peering Authentication By...

CVE-2026-44668

CVE-2026-44668 affects FACTION, a PenTesting Report Generation and Collaboration Framework. Prior to version 1.8.3, the authentication gate for all Struts2 actions is implemented by AccessControlInterceptor and unconditionally calls invocation.invoke() without validating a session. Four methods i...

EUVD-2026-31944

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

WordPress Two-factor authentication (formerly IP Vault) plugin <= 2.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin IP Vault – WP Firewall versions = 2.1...

CVE-2026-48896

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

CVE-2026-48897

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

CVE-2025-36221

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

CVE-2026-8855

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...

CVE-2026-8855 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...

CVE-2026-8855 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...