161521 matches found
EUVD-2026-33059
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...
CVE-2026-45344 LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...
FUXA provides guest and invalid-token access to protected read APIs in secure mode
Summary When secureEnabled=true, FUXA 1.3.0-2773 still allows guest and invalid-token requests to read project, alarms, and scheduler APIs. Details In secure mode, requests with no token or an explicitly invalid token were still able to access protected read endpoints. Confirmed behavior: - guest...
CVE-2026-38930
OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...
CVE-2026-46424
Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...
CVE-2026-45575
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...
USN-8341-1: OpenJDK 26 vulnerabilities
Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...
USN-8341-1 openjdk-26 vulnerabilities
Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...
CVE-2026-43512
A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password "null". This allows a remote attacker to bypass security controls. Mitigation To mitigate this issue, disable DIGEST...
CVE-2026-45039
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...
GHSA-7J6W-VVW2-5F9C OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
Impact In OpenBao's Kerberos auth method on the GET handler, or when an Authorization: Negotiate header is supplied, the response is includes a logical.Auth object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entity...
curl: Proxy CONNECT response poisoning via authentication retry in cf-h1-proxy.c (libcurl)
Summary: When an HTTP/1.x proxy returns a 407 with no Content-Length and no chunked transfer-encoding, lib/cf-h1-proxy.c singleheader sets ts-keepon = KEEPONDONE but never sets ts-closeconnection = TRUE. Because ts-closeconnection and conn-bits.close both stay false, the CONNECT tunnel state...
CVE-2026-45039 RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...
CVE-2026-45039
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...
EUVD-2026-32998
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...
CVE-2026-45039
RustFS prior to 1.0.0-beta.2 uses an HMAC-SHA256 signature for internode RPC authentication that falls back to DEFAULT_SECRET_KEY = "rustfsadmin" if neither RUSTFS_RPC_SECRET nor the global S3 secret key is configured. The vulnerability arises from get_shared_secret() in crates/ecstore/src/rpc/ht...
CVE-2026-45044 RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlers
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...
CVE-2026-45044 RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlers
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of the entire unmarshaled configuration map at INFO level to /var/log/calico/cni/cni.log during each CNI ADD and DEL invocation. An attacker can obtain sensitive...
Improper Authorization
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Authorization via the jwt middleware when the Authorization header uses any scheme, not just Bearer. An attacker can gain unauthorized access by presenting a valid JWT under a...