
39 matches found

RedhatCVE
added 2026/04/07 2:13 p.m. · 3 views

CVE-2026-35030

A flaw was found in LiteLLM, a proxy server for Large Language Model (LLM) APIs. When JSON Web Token (JWT) authentication is enabled, the OIDC user information cache uses a truncated portion of the token as a cache key. An unauthenticated attacker can exploit this by crafting a JWT with the same...

CVSS 9.4 · AI score 5.8 · EPSS 0.00048
Exploits: 1 · References: 4

Snyk
added 2026/03/25 9:9 p.m. · 4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation in the account linking when LDAP authentication is enabled. An attacker can gain unauthorized access to another user's account, including administrative accounts, by setting their LDAP email attribute to match the...

CVSS 8.8 · AI score 5.9 · EPSS 0.0003
Exploits: 0 · References: 2

Positive Technologies
added 2026/03/25 12:0 a.m. · 3 views

PT-2026-28078

n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...

CVSS 8.8 · AI score 5.8 · EPSS 0.0003
Exploits: 0 · References: 2

RedhatCVE
added 2026/02/10 7:6 p.m. · 2 views

CVE-2026-0966

The API function ssh_get_hexa is vulnerable when 0-length input is provided to this function. This function is used internally in ssh_get_fingerprint_hash and ssh_print_hexa (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used...

CVSS 6.5 · AI score 6.5 · EPSS 0.00064
Exploits: 0 · References: 4

CNNVD
added 2026/02/03 12:0 a.m. · 4 views

FUXA Security Vulnerability

FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from unsafe default configurations in the server/settings.default.js file, which disable authentication. As a result, unauthenticated remot...

CVSS 9.3 · AI score 5.8 · EPSS 0.00027
Exploits: 0 · References: 1

OSV
added 2026/01/30 11:16 p.m. · 0 views

CVE-2020-37026

Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication...

CVSS 5.3 · AI score 5.7
Exploits: 0 · References: 4

Vulnrichment
added 2026/01/30 10:7 p.m. · 1 views

CVE-2020-37026 Sickbeard 0.1 - Cross-Site Request Forgery

Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication...

CVSS 5.3 · AI score 5.2 · EPSS 0.00044
Exploits: 0 · References: 4

Cvelist
added 2026/01/30 10:7 p.m. · 17 views

CVE-2020-37026 Sickbeard 0.1 - Cross-Site Request Forgery

Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication...

CVSS 5.3 · EPSS 0.00044
Exploits: 0 · References: 4

ATTACKERKB
added 2026/01/30 10:7 p.m. · 2 views

CVE-2020-37026

Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication...

CVSS 5.3 · AI score 5.8 · EPSS 0.00044
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2026/01/30 10:7 p.m. · 6 views

CVE-2020-37026

Sickbeard alpha is affected by CVE-2020-37026: a cross-site request forgery that enables an attacker to disable authentication by submitting crafted configuration parameters. This can trick a user into submitting a malicious form that clears the web username and password, effectively removing aut...

CVSS 5.3 · AI score 5.8 · EPSS 0.00044
Exploits: 0 · References: 4

Positive Technologies
added 2026/01/30 12:0 a.m. · 4 views

PT-2026-5468

Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication...

CVSS 5.3 · AI score 5.8 · EPSS 0.00044
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-7779

Malware in sbrugna...

CVSS 8.1 · AI score 8 · EPSS 0.0051
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-4178

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00569
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 8:54 a.m. · 2 views

CVE-2024-29036

Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...

CVSS 4.3 · AI score 7 · EPSS 0.00396
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:43 a.m. · 6 views

CVE-2019-17372

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNUaccessPasswordrecovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D,...

CVSS 8.1 · AI score 7.3 · EPSS 0.0051
Exploits: 1 · References: 1

OSV
added 2025/02/12 2:15 p.m. · 0 views

CVE-2025-26364

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests...

CVSS 7.5 · AI score 5.8 · EPSS 0.00569
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/08 12:0 a.m. · 4 views

PT-2024-34370 · Watcharr · Watcharr

Name of the Vulnerable Software and Affected Versions: Watcharr versions 1.43.0 and below.
Description: A vulnerability in a weak JWT token allows attackers to perform privilege escalation using a crafted JWT token. This issue is not limited to privilege escalation but also affects all functions...

CVSS 8.8 · AI score 7.3 · EPSS 0.00207
Exploits: 1 · References: 9

Positive Technologies
added 2024/07/31 12:0 a.m. · 2 views

PT-2024-5612 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework (MobSF) versions prior to 4.0.5.
Description: The issue is related to an open redirect vulnerability in the authentication view of Mobile Security Framework (MobSF), a security research platform for mobile applications...

CVSS 6.8 · AI score 7.3 · EPSS 0.14796
Exploits: 1 · References: 9

Positive Technologies
added 2024/07/19 12:0 a.m. · 4 views

PT-2024-5029 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.5.0 through 4.18.2.1; Apache CloudStack versions 4.19.0.0 through 4.19.0.2.
Description: The issue is related to the SAML authentication mechanism in Apache CloudStack, which does not enforce signature checks when...

CVSS 10 · AI score 7.4 · EPSS 0.92003
Exploits: 1 · References: 19

Positive Technologies
added 2024/06/17 12:0 a.m. · 1 views

PT-2024-12590 · Unknown · Jlink Ax1800

Name of the Vulnerable Software and Affected Versions: Jlink AX1800 version 1.0.
Description: An issue in the Jlink AX1800 allows a remote attacker to execute arbitrary code via the router's authentication mechanism.
Recommendations: For version 1.0, consider disabling the authentication mechanism...

CVSS 9.8 · AI score 8.3 · EPSS 0.03879
Exploits: 0 · References: 6