93 matches found
ChurchCRM - API Authentication Bypass via URL Injection
ChurchCRM 7.1.0 contains an authentication bypass caused by improper API middleware URL handling in ChurchCRM/Slim/Middleware/AuthMiddleware.php, letting unauthenticated attackers access protected API endpoints, exploit requires crafted request URL with 'api/public id: CVE-2026-39339 info: name:...
CVE-2026-56237
Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...
CVE-2026-48020 Traefik StripPrefix Route-Level Auth Bypass via Path Normalization
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...
CVE-2026-48020
Traefik CVE-2026-48020 describes an authentication bypass via StripPrefix Route-Level Auth Bypass. Prior to fixes, when a public router uses PathPrefix with StripPrefix, requests containing .. or %2e%2e could match the public route, then after prefix stripping and path normalization, resolve to a...
Cross-Origin Resource Sharing (CORS) Misconfiguration
hono is vulnerable to Cross-Origin Resource Sharing CORS Misconfiguration. The vulnerability is due to reflecting arbitrary Origin headers while allowing credentials when no explicit origin is configured, which allows an attacker-controlled website to make authenticated cross-origin requests and...
PT-2026-48684
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.48 Traefik versions prior to 3.6.19 Traefik versions prior to 3.7.3 Description An unauthenticated attacker can bypass route-level authentication and authorization in Traefik when PathPrefix-based public routes a...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the authentication process. An attacker can gain unauthorized access to protected API endpoints, including those with administrative privileges, by forging valid JWT tokens using a publicly known secret...
CVE-2026-39339
ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware ChurchCRM/Slim/Middleware/AuthMiddleware.php allows unauthenticated attackers to access all protected API endpoints by including "api/public" anywhere...
CVE-2026-43885
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints e.g. userslist without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an...
CKAN 跨站请求伪造漏洞
CKAN is an open-source data management system developed by CKAN contributors. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from allowing endpoints to be marked as n...
CVE-2026-43885
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints e.g. userslist without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an...
CVE-2026-43885 WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints e.g. userslist without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an...
CVE-2026-43885
CVE-2026-43885 affects WWBN AVideo up to version 29.0, where an unauthenticated user can read the APISecret from objects/plugins.json.php and then call protected API endpoints (e.g., users_list) without logging in. The underlying issue is public exposure of a plugin config that contains APISecret...
CVE-2026-43885 WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints e.g. userslist without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an...
WWBN AVideo 信息泄露漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain an information leakage vulnerability. This vulnerability arises because unverified users can read the APISecret from objects/plugins.json.php and use it ...
AVideo Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization
Summary An unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints e.g. userslist without logging in. Details objects/plugins.json.php is public and still exposes plugin objectdata containing APISecret. That secret is accepted by...
PT-2026-37301
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.1 Description An unauthenticated user can access the public endpoint "objects/plugins.json.php" to read the APISecret from the plugin object data. This secret can then be used to authenticate requests to the...
Authorization Bypass
spring-security-config is vulnerable to Authorization Bypass. The vulnerability is due to incorrect handling of the servlet-path attribute in , where the servlet path is not included when computing the path matcher, causing defined authorization rules to be skipped and allowing unauthorized acces...
CVE-2026-41428 Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the ServeHTTP function, which does not sufficiently sanitize X- alias headers. An attacker can gain unauthenticated access to protected endpoints by injecting spoofed trust context with...