164 matches found
CVE-2026-12352
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...
EUVD-2026-42047
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...
CVE-2026-12352
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...
CVE-2026-12352
Technical details (affected products/versions, root cause, exploit conditions, or remediation) are not publicly provided in the supplied documents. Monitor for updates on CVE-2026-12352.
CVE-2026-12352 Incorrect Authorization
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...
PT-2026-56192
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An unauthenticated actor can bypass authentication to gain access to restricted resources on the device. Recommendations At the moment, there is no information...
CVE-2026-7185
A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...
CVE-2026-49288 Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources...
CVE-2026-49288
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources...
Missing Authorization
Drupal Authenticator Login is vulnerable to Missing Authorization. The vulnerability is due to improper authorization checks in the Authenticator Login component, which allows an attacker to perform forceful browsing and access restricted functionality or resources without proper authorization...
EUVD-2026-30093
Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...
CVE-2026-0241 Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities
Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...
Palo Alto Networks Trust Protection Foundation 代码问题漏洞
Palo Alto Networks Trust Protection Foundation is a machine identity and certificate security management platform provided by Palo Alto Networks. There is a code vulnerability in Palo Alto Networks Trust Protection Foundation, which stems from incorrect authorization. This vulnerability could all...
PT-2026-40766
Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...
CVE-2026-41912
OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources...
CVE-2026-41912
OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources...
CVE-2026-41912
OpenClaw (npm package) before 2026.4.8 is affected by a Server-Side Request Forgery (SSRF) policy bypass via Interaction-Triggered Navigation. The issue allows browser interactions to trigger navigations that bypass normal SSRF checks, potentially enabling access to restricted resources. Affected...
OpenClaw 代码问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 had code vulnerabilities. These vulnerabilities stemmed from a server-side request forgery strategy that bypassed security measures. This could allow attackers to trigger...
PT-2026-35794
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.8 Description A server-side request forgery SSRF policy bypass allows attackers to trigger navigations that circumvent standard SSRF checks. By exploiting browser interactions, attackers can bypass these...
Interpretation Conflict
Overview Affected versions of this package are vulnerable to Interpretation Conflict via a mismatch in path normalization between components. An attacker can gain unauthorized access to restricted resources or perform actions without proper authentication by crafting requests with specially...