Lucene search
K

39 matches found

Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39756

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

7.5CVSS6.8AI score0.00411EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/05 9:45 a.m.4 views

CVE-2026-5557

A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...

6.5CVSS6.2AI score0.0036EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/05 9:45 a.m.4 views

CVE-2026-5557 badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass

A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...

6.5CVSS6.2AI score0.0036EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/02 4:57 p.m.4 views

Unprotected Alternate Channel

Overview Affected versions of this package are vulnerable to Unprotected Alternate Channel due to the omission of confirmation in proxy-mode multiplexing sessions. An attacker can cause unintended data handling by establishing a multiplexed session without explicit confirmation when specific and...

2.5CVSS5.9AI score0.0013EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/26 8:3 p.m.2 views

CVE-2026-3531 OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...

5.9AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.4 views

CVE-2026-26117

Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00439EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.10 views

CVE-2026-25035

Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through = 28.1.2.2...

9.8CVSS0.00416EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.14 views

PT-2026-21066

Name of the Vulnerable Software and Affected Versions Miraculous Elementor versions through 2.0.7 Description An authentication bypass issue exists in Miraculous Elementor, potentially allowing authentication abuse through an alternate path or channel. Recommendations Update Miraculous Elementor ...

5.4AI score0.0036EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/01/27 12:10 p.m.167 views

Exploit for Unprotected Alternate Channel in Crushftp

C...

9.8CVSS7.3AI score0.92034EPSS
Exploits7
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.4 views

CVE-2025-69101

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreapcore allows Authentication Abuse.This issue affects Workreap Core: from n/a through = 3.4.0...

9.8CVSS5.3AI score0.00547EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/23 3:13 p.m.5 views

CVE-2025-49901

Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through 14.8.1...

9.8CVSS7AI score0.00702EPSS
Exploits1References1
Snyk
Snyk
added 2025/10/23 4:58 a.m.3 views

Unprotected Alternate Channel

Overview github.com/slackhq/nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. Affected versions of this package are vulnerable to Unprotected Alternate Channel via improper handling of CIDR configuration in certificates. An attacker with control ov...

4.9CVSS7AI score0.00199EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2025/10/20 12:0 a.m.9 views

Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects...

9.8CVSS6.9AI score0.58431EPSS
In wildExploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-32089

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.01224EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25974

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00397EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/11 6:34 p.m.5 views

CVE-2025-8557

An internal product security audit of Lenovo XClarity Orchestrator LXCO discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator LXCO network segment may be able to manipulate the local device to create an alternate communication channel...

8.8CVSS6AI score0.00237EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.3 views

Lenovo XClarity Orchestrator 安全漏洞

Lenovo XClarity Orchestrator is an application from the Chinese company Lenovo Lenovo. It provides centralized monitoring, management, and analysis for environments containing a large number of devices. A security vulnerability exists in Lenovo XClarity Orchestrator that originates in a local...

8.8CVSS6.3AI score0.00237EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:17 p.m.5 views

CVE-2025-54725

Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo golo allows Authentication Abuse.This issue affects Golo: from n/a through = 1.7.0...

9.8CVSS5.9AI score0.00397EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.9 views

PT-2025-35073

Name of the Vulnerable Software and Affected Versions: uxper Golo versions through 1.7.0 Description: An Authentication Bypass Using an Alternate Path or Channel vulnerability exists in uxper Golo, allowing Authentication Abuse. Recommendations: Update uxper Golo to a version later than 1.7.0...

9.8CVSS6.4AI score0.00397EPSS
Exploits0References6
Redos
Redos
added 2025/08/22 12:0 a.m.3 views

ROS-20250822-05

Apache Tomcat application server vulnerability related to bypassing the authentication procedure through the use of an alternate path or channel. using an alternate path or channel. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality of...

7.5CVSS7.8AI score0.03163EPSS
Exploits0
Rows per page
Query Builder