161507 matches found
CVE-2026-7722
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...
CVE-2026-5722
The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...
SUSE CVE-2026-33006
A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
SUSE CVE-2026-39858
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...
SUSE CVE-2026-40912
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...
SUSE CVE-2026-43859
mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...
SUSE CVE-2026-43860
mutt before 2.3.2 sometimes truncates the hashpasswd by one byte for IMAP authcram MD5 digest...
SUSE CVE-2026-43862
In mutt before 2.3.2, the imapauthgss security level is mishandled...
CVE-2026-5722
The CVE concerns the WordPress plugin MoreConvert Pro (versions up to and including 1.9.14). The vulnerability is an Authentication Bypass in the guest waitlist verification flow: tokens are not invalidated or regenerated when the customer email is changed, enabling unauthenticated attackers to a...
CVE-2026-5722 MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse
The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...
CVE-2026-5722 MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse
The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...
CVE-2026-5722
The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...
EUVD-2026-25606
Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy...
NPM: Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy
NPM: Axios: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...
Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy
Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...
GHSA-W9J2-PVGH-6H63 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy
Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...
CLSA-2026-1777939266 libssh: Fix of CVE-2026-0966
CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...
CLSA-2026-1777939234 libssh: Fix of CVE-2026-0966
CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...
VulnCheck KEV: CVE-2024-11349
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...
OpenEMR 安全漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Version 7.0.1 of OpenEMR contains a security vulnerability...