CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

CVE-2022-50994

The affected product is DrayTek Vigor 2960 with firmware versions prior to 1.5.1.4. The vulnerability is an OS command injection in the CGI login handler, exploitable by an unauthenticated remote attacker who injects shell metacharacters into the formpassword parameter; the input reaches the otp_...

CVE-2026-39858

A flaw was found in Traefik. A remote attacker can exploit an authentication bypass vulnerability by injecting spoofed trust context through unsanitized alias headers. This is due to Traefik's forwarded-header sanitization logic not properly handling alias header names that use underscores instea...

CVE-2026-35051

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability exists in Traefik's ForwardAuth middleware when the trustForwardHeader setting is configured as false and Traefik is deployed behind a trusted upstream proxy. A remote attacker could...

CVE-2026-40912

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability allows an unauthenticated attacker to access protected content. The flaw occurs when the StripPrefixRegex middleware is used with authentication mechanisms such as ForwardAuth, BasicAuth...

CVE-2026-8076 Weak credentials vulnerability in the CashDro 3 web administration panel

Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...

CVE-2026-6915

A flaw was found in MongoDB. An authenticated user could exploit an authorization flaw in the user management command. This allows them to make limited changes to authentication-related data associated with another user account. Such modifications could affect how authentication is performed for...

WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by David Marín in WordPress Plugin Simple Cloudflare Turnstile versions = 1.38.0...

EUVD-2023-50669

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by d.v4ns3c in WordPress Plugin WP User Frontend versions = 4.3.1...

BIT-MONGODB-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module PAM-based post-exploitation toolkit...

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

picoctf-irish-name-repo-2

picoCTF — Irish-Name-Repo 2 | Field | Details...

Improper Authentication

github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to the failure to enforce multi-factor authentication on WebSocket connections, which allows an unauthenticated attacker to access sensitive information through WebSocket events...

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

CVE-2026-42276

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...

CVE-2026-42261

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

EUVD-2026-28525

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...