ROS-20260605-73-0064

The vulnerability in Firefox relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...

EUVD-2026-33743

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os

CVE-2026-0257 - Palo Alto Networks GlobalProtect Authenticatio...

EUVD-2026-32650

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with denyremote=false in pamusb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAMRHOST...

CVE-2026-0265 Vulnerability Assessment Tool

CVE-2026-0265 is a remote authentication bypass affecting PAN-OS and Panorama that triggers when an authentication profile uses Cloud Authentication Service CAS. This tool safely detects whether an instance is vulnerable without authenticating any session or modifying any state...

EUVD-2026-29212

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

Unity Linux 20.1060e / 20.1070e Security Update: openvpn (UTSA-2026-017649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017649 advisory. OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred...

CVE-2026-8214

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

📄 GNU InetUtils telnetd Remote Privilege Escalation

GNU InetUtils versions 2.0 through 2.6 telnetd remote privilege escalation proof of concept exploit. Exploit Title: GNU InetUtils telnetd - Remote Privilege Escalation Date: 2026-01-24 Exploit Author: Ali Guliyev infat0x Author GitHub: https://github.com/infat0x Vendor Homepage:...

CVE-2026-7042

A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...

CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

CVE-2026-5616

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...

CVE-2026-5570

A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function indexconfig of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may ...

CVE-2026-5570

A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function indexconfig of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may ...

CVE-2026-5570

A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function indexconfig of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may ...

CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

PT-2026-25602

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...

CVE-2026-4187 Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authentication

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The...

CVE-2026-3739

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...

PT-2026-23944

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...