
33 matches found

RedhatCVE (added 2026/04/03 11:1 p.m., 1 view)

CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during the authentication check. An unauthenticated attacker can append an...

CVSS 8.8, AI score 6, EPSS 0.00123
Exploits 0, References 1
EUVD (added 2026/04/02 6:31 p.m., 4 views)

EUVD-2026-18432

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during the authentication check. An unauthenticated attacker can append an...

CVSS 8.7, AI score 6.1, EPSS 0.00123
Exploits 0, References 4
Cvelist (added 2026/04/02 5:20 p.m., 12 views)

CVE-2026-34121 Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during the authentication check. An unauthenticated attacker can append an...

CVSS 8.7, EPSS 0.00123
Exploits 0, References 3
NVD (added 2026/03/19 10:16 p.m., 2 views)

CVE-2026-27936

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action counts to be disclosed to non-privileged users through a carefully crafted request. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...

CVSS 6.9, EPSS 0.00024
Exploits 0, References 1
Positive Technologies (added 2026/03/11 12:0 a.m., 4 views)

PT-2026-24819

Name of the Vulnerable Software and Affected Versions: OliveTin versions 3000.10.2 and earlier. Description: OliveTin allows access to predefined shell commands through a web interface. In versions 3000.10.2 and earlier, the live EventStream broadcasts execution events and action output to...

CVSS 9.9, AI score 7.3, EPSS 0.07313
Exploits 68, References 136
EUVD (added 2025/10/03 8:7 p.m., 1 view)

EUVD-2022-24843

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.7, EPSS 0.0024
Exploits 0, References 1
EUVD (added 2025/10/03 8:7 p.m., 2 views)

EUVD-2025-27210

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.6, EPSS 0.00052
Exploits 0, References 2
RedhatCVE (added 2025/05/22 12:34 p.m., 6 views)

CVE-2010-1435

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from...

CVSS 9.8, AI score 8.2, EPSS 0.00014
Exploits 0, References 1
OSV (added 2024/11/14 10:15 a.m., 1 view)

CVE-2024-5920

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions ...

CVSS 4.8, AI score 5.9, EPSS 0.00544
Exploits 0, References 1
NVD (added 2024/11/14 10:15 a.m., 12 views)

CVE-2024-5920

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions ...

CVSS 4.8, EPSS 0.00544
Exploits 0, References 1
CNNVD (added 2024/11/08 12:0 a.m., 4 views)

data.all security vulnerability

data.all is an open source development framework from data-dot-all open source. A security vulnerability exists in data.all that stems from inconsistent authorization permissions that could allow external participants with authenticated accounts to perform restricted operations on data sets and...

CVSS 5.4, AI score 6.5, EPSS 0.00119
Exploits 0, References 2
Positive Technologies (added 2024/11/08 12:0 a.m., 4 views)

PT-2024-35172 · Alldata · Alldata

Name of the Vulnerable Software and Affected Versions: data.all affected versions not specified Description: The issue is related to inconsistent authorization permissions in data.all, which may allow an external actor with an authenticated account to perform restricted operations against DataSet...

CVSS 5.4, AI score 6.7, EPSS 0.00119
Exploits 0, References 8
OSV (added 2024/10/16 7:15 a.m., 2 views)

CVE-2020-36831

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including, 4.3.17. This makes it possible for low-privileged attackers, like...

CVSS 6.5, AI score 5.8
Exploits 0, References 4
NVD (added 2024/10/16 7:15 a.m., 8 views)

CVE-2020-36831

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including, 4.3.17. This makes it possible for low-privileged attackers, like...

CVSS 6.5, EPSS 0.00261
Exploits 0, References 4
Positive Technologies (added 2023/08/16 12:0 a.m., 7 views)

PT-2023-4389 · Moxa · Moxa Tn-5900 Series

Name of the Vulnerable Software and Affected Versions: Moxa TN-5900 Series firmware version v3.3 and prior Description: The issue is related to improper authentication in the web API handler of the Moxa TN-5900 Series firmware, allowing low-privileged APIs to execute restricted actions. This...

CVSS 9, AI score 7.6, EPSS 0.0028
Exploits 0, References 8
OSV (added 2023/04/11 3:15 a.m., 2 views)

CVE-2023-27897

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform...

CVSS 6.3, AI score 6.5
Exploits 0, References 2
CNNVD (added 2023/02/17 12:0 a.m., 1 view)

IBM Sterling B2B Integrator security vulnerability

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator...

CVSS 8.8, AI score 6.7, EPSS 0.00291
Exploits 0, References 3
OSV (added 2021/07/19 4:15 p.m., 2 views)

CVE-2021-29780

IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085...

CVSS 4.7, AI score 5.8, EPSS 0.00189
Exploits 0, References 2
Veracode (added 2021/04/23 1:33 a.m., 19 views)

Authorization Bypass

github.com/hashicorp/terraform-provider-vault is vulnerable to authorization bypass. The insecure configuration in GCE-type bound labels for GCP auth method could allow for an attacker to bypass authorization and access otherwise restricted actions...

CVSS 9.8, AI score 4.3, EPSS 0.00607
Exploits 1, References 3, Affected Software 1
OSV (added 2020/03/20 3:15 p.m., 2 views)

CVE-2020-1796

There is an improper authorization vulnerability in several smartphones. The software incorrectly performs authorization for certain users; successful exploitation could allow a low-privilege user to perform certain operations that the user is not supposed to perform. Affected product versions include: HUAWEI...

CVSS 6.6, AI score 6.6
Exploits 0, References 1