161488 matches found
CVE-2026-42041
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the Object.prototype.validateStatus property. By polluting this property, all HTTP error responses such as 401, 403, or 500 are silently treated as...
CVE-2026-7844 chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...
CVE-2026-7844
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...
CVE-2026-7844 chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/listfiles/retrievefile/retrievefilecontent/deletefile of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Compatible File Service...
CVE-2026-7844
CVE-2026-7844 concerns the chatchat-space Langchain-Chatchat project up to version 0.3.1.3. The vulnerability resides in the Compatible File Service, specifically the function set in libs/chatchat-server/chatchat/server/api_server/openai_routes.py (delete_file, as well as related file endpoints l...
CVE-2026-6918
In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...
EUVD-2023-60570
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...
EUVD-2025-209639
RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x 802.1X, among others. The vulnerability lies in shared certificate validation logic which uses th...
CVE-2026-6918
CVE-2026-6918 affects Eclipse OpenJ9/JITServer. Versions 0.21–0.58 are vulnerable to a pre-auth remote crash triggered by a 32-byte crafted TCP message. The description does not provide exploit details or remediation. No further concrete impact or patch information is available in the connected d...
CVE-2026-6918
In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...
CVE-2026-6918
In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...
EUVD-2026-27315
In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...
CVE-2026-28510 elabftw allows MFA bypass during login
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...
CVE-2026-28510 elabftw allows MFA bypass during login
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...
CVE-2026-28510
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...
CVE-2026-43569
OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...
RUSTSEC-2026-0121 Denial of service in Steamworks game clients/servers using P2P authentication
Processing the raw ValidateAuthTicketResponset callback data panics when the meAuthSessionResponse field is kEAuthSessionResponseAuthTicketNetworkIdentityFailure. This can lead to denial of service in game clients and servers using the beginauthenticationsession API to authenticate players if a...
CVE-2026-40022
A flaw was found in the Apache Camel embedded HTTP server and embedded management server camel-platform-http-main. When authentication is enabled and a non-root context path is configured, the authentication handler incorrectly matches only the exact configured path, not its subpaths. This allows...
CVE-2026-43569 OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth
OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...
EUVD-2026-27289
OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...