CVE-2026-45109

A flaw was found in Next.js. A remote unauthenticated attacker could exploit a bypass in a security fix when using middleware.ts with Turbopack. This vulnerability could lead to the disclosure of sensitive information. Mitigation Mitigation for this issue is either not available or the currently...

CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

WordPress OTP Login With Phone Number, OTP Verification plugin 1.8.50-1.8.60 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by luckybuddy in WordPress Plugin Login with phone number versions 1.8.50-1.8.60...

WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.4.9 - Unauthenticated Payment Bypass vulnerability

Unauthenticated Payment Bypass vulnerability discovered by Stranger825 in WordPress Plugin Contact Form 7 – PayPal & Stripe Add-on versions = 2.4.9...

CVE-2026-8760 Login with OTP <= 1.6 - Unauthenticated Authentication Bypass via OTP Brute Force

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...

CVE-2026-27886 Vulnerability Assessment Tool

CVE-2026-27886 is an unauthenticated parameter sanitization bypass in Strapi versions 4.0.0 through 5.36.1 that allows remote, unauthenticated attackers to leak administrator secrets through the public Content API. This tool safely detects whether an instance is vulnerable without performing the...

Exploit for CVE-2026-23813

CVE-2026-23813 — AOS-CX Pre-Auth Authentication Bypass Unau...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi

CVE-2026-27886 Vulnerability Assessment Tool Safely detect wh...

CVE-2026-6072 Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...

EUVD-2026-30935

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...

CVE-2026-4031 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wpdbtempdir parameter, which controls where database backups are written. This makes it possible for...

CVE-2026-6145 User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the isadmincreationprocess method relying solely on the presence of action=createuser in the $REQUEST superglobal without performing any...

CVE-2026-6145 User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the isadmincreationprocess method relying solely on the presence of action=createuser in the $REQUEST superglobal without performing any...

CVE-2026-42032 CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

CVE-2026-42032 CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

CVE-2026-42032

CKAN ( datastore_search_sql ) vulnerability allowing unauthenticated authorization bypass. Affects CKAN data management system; prior to versions 2.10.10 and 2.11.5, attackers could bypass authorization to access private resources and PostgreSQL system information. Fixed in CKAN 2.10.10 and 2.11....

CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service CAS is enabled. The risk is higher if CAS is enabled on the management interface and lower when...

PT-2026-40713

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description An authentication bypass exists in the Cloud Authentication Service CAS component of PAN-OS due to incorrect cryptographic signature verification. This allows an unauthenticated attacker with...

CVE-2026-6736

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

GitHub Enterprise Server 访问控制错误漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was an access control...