CVE-2026-42602

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

CVE-2026-43585

OpenClaw (affected component: gateway authentication) exposes a bearer token validation flaw prior to version 2026.4.15. The issue occurs because the service captures the resolved bearer-auth configuration at startup and does not re-resolve authentication per request after SecretRef rotation, all...

EUVD-2026-26758

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...

CVE-2026-34394

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

PT-2026-23790

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description Flowise has an issue where the NVIDIA NIM router endpoint '/api/v1/nvidia-nim/' was incorrectly whitelisted in the global authentication middleware. This allowed unauthenticated access to sensitive...

CVE-2025-69285

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

CVE-2025-7972

A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODEENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers...

CVE-2025-7972

A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODEENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers...

Salt 安全漏洞

Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. A security vulnerability exists in Salt that stems from multiple methods of skipping minion token validation, which could lead to a malicious minion impersonating...

Wordpress plugin Booster for WooCommerce 安全特征问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security feature issue vulnerability...

USN-4993-1 dovecot vulnerabilities

Kirin discovered that Dovecot incorrectly escaped kid and azp fields in JWT tokens. A local attacker could possibly use this issue to validate tokens using arbitrary keys. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. CVE-2021-29157 Fabian Ising and Damian Poddebniak discovered that...

Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04092)

Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...