161137 matches found
CVE-2026-40165
The CVE affects the open‑source IdP project authentik. Versions 2025.12.4 and earlier, and 2026.2.0-rc1 through 2026.2.2 are affected by Authentication Bypass via SAML NameID XML Comment Injection. Due to how NameID is extracted from a SAML assertion, an attacker who has an account on the SAML So...
CVE-2026-40165 authentik: SAML NameID XML Comment Injection Enables Authentication Bypass via Identifier Truncation
authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Injection. Due to how authentik extracted the NameID value from a SAML assertion, it was possible for an...
Exploit for CVE-2026-0265
CVE-2026-0265 Passive Detector v2 Defensive reconnaissanc...
CVE-2026-42946
A flaw was found in the ngxhttpscgimodule and ngxhttpuwsgimodule modules of NGINX. When scgipass or uwsgipass is configured, an unauthenticated attacker able to intercept and modify network traffic via a Man-In-The-Middle MITM attack and control the responses from an upstream server may be able t...
CVE-2026-9141
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...
CVE-2026-39310
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop v0.101.3 allows full authentication bypass when running in an Electron environment. When Trilium detects an...
CVE-2026-2812
ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...
Exploit for CVE-2026-0265
CVE-2026-0265 Vulnerability Assessment Tool Safely detect whe...
CVE-2026-45434
Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-9141
Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) contains an authentication bypass in its embedded web configuration interface, allowing unauthenticated network attackers to directly request internal pages (e.g., index.zhtml, point.zhtml, log.shtml) and gain full administrative read/write a...
CVE-2026-9141 Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...
EUVD-2026-31189
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...
CVE-2026-9141
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...
CVE-2026-9141 Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...
CVE-2026-9139
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
EUVD-2026-31179
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
CVE-2026-9139 Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
GO-2026-4995 free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers in github.com/free5gc/smf
free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers in github.com/free5gc/smf...
CVE-2026-39310 Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop v0.101.3 allows full authentication bypass when running in an Electron environment. When Trilium detects an...
CVE-2026-39310 Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop v0.101.3 allows full authentication bypass when running in an Electron environment. When Trilium detects an...