39 matches found
PT-2026-39756
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...
CVE-2026-5557
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...
CVE-2026-5557 badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...
Unprotected Alternate Channel
Overview Affected versions of this package are vulnerable to Unprotected Alternate Channel due to the omission of confirmation in proxy-mode multiplexing sessions. An attacker can cause unintended data handling by establishing a multiplexed session without explicit confirmation when specific and...
CVE-2026-3531 OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-26117
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...
CVE-2026-25035
Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through = 28.1.2.2...
PT-2026-21066
Name of the Vulnerable Software and Affected Versions Miraculous Elementor versions through 2.0.7 Description An authentication bypass issue exists in Miraculous Elementor, potentially allowing authentication abuse through an alternate path or channel. Recommendations Update Miraculous Elementor ...
Exploit for Unprotected Alternate Channel in Crushftp
C...
CVE-2025-69101
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreapcore allows Authentication Abuse.This issue affects Workreap Core: from n/a through = 3.4.0...
CVE-2025-49901
Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through 14.8.1...
Unprotected Alternate Channel
Overview github.com/slackhq/nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. Affected versions of this package are vulnerable to Unprotected Alternate Channel via improper handling of CIDR configuration in certificates. An attacker with control ov...
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects...
EUVD-2025-32089
Malicious code in bioql PyPI...
EUVD-2025-25974
Malicious code in bioql PyPI...
CVE-2025-8557
An internal product security audit of Lenovo XClarity Orchestrator LXCO discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator LXCO network segment may be able to manipulate the local device to create an alternate communication channel...
Lenovo XClarity Orchestrator 安全漏洞
Lenovo XClarity Orchestrator is an application from the Chinese company Lenovo Lenovo. It provides centralized monitoring, management, and analysis for environments containing a large number of devices. A security vulnerability exists in Lenovo XClarity Orchestrator that originates in a local...
CVE-2025-54725
Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo golo allows Authentication Abuse.This issue affects Golo: from n/a through = 1.7.0...
PT-2025-35073
Name of the Vulnerable Software and Affected Versions: uxper Golo versions through 1.7.0 Description: An Authentication Bypass Using an Alternate Path or Channel vulnerability exists in uxper Golo, allowing Authentication Abuse. Recommendations: Update uxper Golo to a version later than 1.7.0...
ROS-20250822-05
Apache Tomcat application server vulnerability related to bypassing the authentication procedure through the use of an alternate path or channel. using an alternate path or channel. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality of...