Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Impact App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the same...

Improper Enforcement of Behavioral Workflow

Overview YAFNET.Core is an Open Source Forum solution! The YAF.NET project is an international collaboration of like-minded, skilled, and creative individuals who are striving to make YAF.NET the most robust and malleable forum solutions available. Affected versions of this package are vulnerable...

CVE-2026-34072

CrnMaster cronmaster is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s...

CVE-2026-2699 EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

CVE-2026-34072

CrnMaster cronmaster is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s...

CVE-2026-34072

CrnMaster cronmaster is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s...

CVE-2026-32562 WordPress PPWP plugin <= 1.9.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through = 1.9.15...

CVE-2025-70758

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via headerLocation:login.php when a user is not authenticated but fails to call exit afterward. This allows remote...

CVE-2025-70758

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via headerLocation:login.php when a user is not authenticated but fails to call exit afterward. This allows remote...

CVE-2025-70758

CVE-2025-70758 affects the chetans9 core-php-admin-panel. The vulnerability is in includes/auth_validate.php, where after issuing an HTTP redirect with header(Location: login.php) the code does not call exit(), allowing remote unauthenticated attackers to bypass authentication and access protecte...

PT-2026-5986

Name of the Vulnerable Software and Affected Versions chetans9 core-php-admin-panel through commit a94a780d6 Description The application does not call exit after sending an HTTP redirect via headerLocation:login.php when a user is not authenticated. This allows remote unauthenticated attackers to...

CVE-2025-70758

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via headerLocation:login.php when a user is not authenticated but fails to call exit afterward. This allows remote...

CVE-2025-23875

Cross-Site Request Forgery CSRF vulnerability in madeglobal Better Protected Pages better-protected-pages allows Stored XSS.This issue affects Better Protected Pages: from n/a through = 1.0...

EUVD-2025-33789

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0...

CVE-2025-9551

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0...

CVE-2025-9551

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5...

CVE-2025-9551 Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5...

CVE-2025-9551

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5...

CVE-2025-9551

The CVE-2025-9551 entry concerns the Drupal Protected Pages module (vulnerable up to 1.7.x; affected range 0.0.0 through before 1.8.0). Root cause: lack of restriction on the number of authentication attempts, enabling brute-force attacks on protected pages. Impact is described as potential brute...

CVE-2025-9551 Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5...