161224 matches found

NVD
added 2026/05/16 4:16 p.m. | 12 views

CVE-2020-37228

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8 CVSS | 0.00429 EPSS
Exploits 1 | References 4
EUVD
added 2026/05/16 3:28 p.m. | 7 views

EUVD-2021-34838

Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, th...

8.7 CVSS | 5.8 AI score | 0.00498 EPSS
Exploits 1 | References 4
Vulnrichment
added 2026/05/16 3:28 p.m. | 7 views

CVE-2021-47942 Home Assistant Community Store 1.10.0 Path Traversal Account Takeover

Home Assistant Community Store (HACS) prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh...

8.7 CVSS | 5.8 AI score | 0.00498 EPSS
Exploits 1 | References 4
ATTACKERKB
added 2026/05/16 3:25 p.m. | 7 views

CVE-2020-37228

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8 CVSS | 5.8 AI score | 0.00429 EPSS
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2026/05/16 3:25 p.m. | 38 views

CVE-2020-37228 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8 CVSS | 0.00429 EPSS
Exploits 1 | References 4
OSV
added 2026/05/16 2:38 p.m. | 5 views

CLSA-2026-1778934210 Fix of 7 CVEs

SECURITY UPDATE: off-by-one OOB read in mod_proxy_ajp message getters - debian/patches/CVE-2026-33857.patch: tighten length checks msg-len - = msg-len in ajp_msg_get_uint8/16/32 and ajp_msg_peek_uint8/16 in modules/proxy/ajp_msg.c. - CVE-2026-33857 SECURITY UPDATE: heap over-read in mod_proxy_ajp via missin...

8.8 CVSS | 5.9 AI score | 0.00654 EPSS
Exploits 2 | References 1
OSV
added 2026/05/16 12:20 p.m. | 5 views

CLSA-2026-1778934026 Fix CVE(s): CVE-2026-42010

SECURITY UPDATE: Authentication bypass via NUL-byte truncation in RSA-PSK username lookup - debian/patches/CVE-2026-42010.patch: replace strlen(info->username) with info->username_len in _gnutls_proc_rsa_psk_client_kx in lib/auth/rsa_psk.c to prevent NUL-byte truncation allowing username matching with...

9.8 CVSS | 5.8 AI score | 0.00965 EPSS
Exploits 0 | References 1
GithubExploit
added 2026/05/16 11:6 a.m. | 115 views

Exploit for CVE-2026-8181

CVE-2026-8181 exploit Burst Statistics WordPress Plugin —...

9.8 CVSS | 5.8 AI score | 0.14608 EPSS
Exploits 10
Veracode
added 2026/05/16 5:53 a.m. | 13 views

Improper Authentication

Shopware is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation and binding of shop installations to their original domains during app re-registration, which allows an attacker to hijack app communication and obtain API credentials intended for legitimate...

8.9 CVSS | 5.8 AI score | 0.00267 EPSS
Exploits 0 | References 3 | Affected Software 2
Veracode
added 2026/05/16 5:34 a.m. | 24 views

Improper Authentication

github.com/QuantumNous/new-api is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation of Stripe webhook events, which allows an attacker to forge webhook requests and fraudulently credit quota to an account without making a payment...

8.2 CVSS | 5.8 AI score | 0.00259 EPSS
Exploits 1 | References 3 | Affected Software 1
Veracode
added 2026/05/16 5:30 a.m. | 6 views

Missing Authentication For Critical Function

Sliver is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to the DNS C2 listener allocating server-side sessions without validating TOTP values and lacking session cleanup, which allows an attacker to create excessive sessions and exhaust server memory...

7.5 CVSS | 5.8 AI score | 0.00407 EPSS
Exploits 1 | References 4 | Affected Software 1
Veracode
added 2026/05/16 5:27 a.m. | 10 views

Improper Access Control

kcp is vulnerable to Improper Access Control. The vulnerability is due to the cache server being exposed without authentication or authorization controls, which allows an attacker to read from and write to the cache server if they can access the root shard...

9.1 CVSS | 5.8 AI score | 0.00436 EPSS
Exploits 1 | References 4 | Affected Software 1
Veracode
added 2026/05/16 5:25 a.m. | 14 views

Denial Of Service (DoS)

Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of excessively long passwords during authentication, which allows an attacker to consume excessive CPU and memory resources by submitting login attempts with multi-megabyte passwords...

7.5 CVSS | 5.2 AI score | 0.00263 EPSS
Exploits 0 | References 3 | Affected Software 2
Veracode
added 2026/05/16 5:25 a.m. | 9 views

Authentication Bypass

MinIO is vulnerable to Authentication Bypass. The vulnerability is due to missing signature verification for authTypeStreamingUnsignedTrailer requests in the Snowball auto-extract handler, which allows an attacker with knowledge of a valid access key to upload arbitrary objects without providing ...

8.8 CVSS | 5.4 AI score | 0.00418 EPSS
Exploits 0 | References 3 | Affected Software 1
GithubExploit
added 2026/05/16 2:50 a.m. | 90 views

Exploit for CVE-2026-8181

CVE-2026-8181 - Burst Statistics Authentication Bypass Exploit...

9.8 CVSS | 5.8 AI score | 0.14608 EPSS
Exploits 10
OSV
added 2026/05/16 1:36 a.m. | 4 views

CLSA-2026-1778895374 Fix CVE(s): CVE-2026-7598

SECURITY UPDATE: Fix integer overflow in userauthpassword usernamelen/passwordlen bounds checks - debian/patches/CVE-2026-7598.patch: Fix integer overflow in userauthpassword usernamelen/passwordlen bounds checks - CVE-2026-7598...

7.5 CVSS | 5.9 AI score | 0.00355 EPSS
Exploits 0 | References 1
SUSE CVE
added 2026/05/16 1:12 a.m. | 8 views

SUSE CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6 CVSS | 5.7 AI score | 0.00299 EPSS
Exploits 0 | References 3
GithubExploit
added 2026/05/16 1:10 a.m. | 68 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 - Marimo Pre-Auth RCE Unauthenticated Remote...

9.8 CVSS | 7.5 AI score | 0.95645 EPSS
Exploits 11
OSV
added 2026/05/16 12:16 a.m. | 7 views

CLSA-2026-1778890582 curl: Fix of CVE-2026-5545

CVE-2026-5545: wrong reuse of HTTP Negotiate connection; only allow an existing connection to be reused and "upgraded" to NTLM when neither NTLM nor Negotiate authentication is in flight on it...

6.5 CVSS | 5.8 AI score | 0.00414 EPSS
Exploits 1 | References 1
OSV
added 2026/05/16 12:3 a.m. | 11 views

CLSA-2026-1778889816 curl: Fix of CVE-2026-5545

CVE-2026-5545: wrong reuse of HTTP Negotiate connection; only allow an existing connection to be reused and "upgraded" to NTLM when neither NTLM nor Negotiate authentication is in flight on it...

6.5 CVSS | 5.8 AI score | 0.00414 EPSS
Exploits 1 | References 1