37 matches found
CVE-2026-54089
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...
EUVD-2026-36224
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially...
CVE-2026-9694
GitLab CE/EE (all supported lines affected) had a vulnerability allowing an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply. Root cause: improper neutralization in email template processing. Remediation: patc...
PT-2026-48657
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.9 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue in email template processing allows an unauthenticated user to impersonate the GitLab Support...
100xDevs CMS 安全漏洞
100xDevs CMS is an open-source content management system developed by code100x. There is a security vulnerability in 100xDevs CMS, which stems from an authentication bypass in the Mobile API. This vulnerability could allow unauthenticated attackers to impersonate any user by submitting specially...
VulnCheck KEV: CVE-2026-8181
The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...
CVE-2026-42300 DevGuard: Unauthenticated identity assertion via `X-Admin-Token` header
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...
BASM (Broken Authentication & Session Management) in Confluence Data Center
This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity BASM Broken Authentication & Session Management vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0,...
PT-2026-35025
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...
CVE-2026-20184 Cisco Webex Meetings Certificate Validation Vulnerability
A vulnerability in the integration of single sign-on SSO with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability...
PT-2026-33093
Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings versions 39.6 through 45.4 Description An issue in the integration of single sign-on SSO with Control Hub in Cisco Webex Services allows an unauthenticated, remote attacker to impersonate any user within the service. This...
LiteLLM 授权问题漏洞
LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Prior to version 1.83.0, LiteLLM had an authorization vulnerability. This vulnerability stemmed from the use of token:20 as a cache key when JWT authentication was...
CVE-2026-22552 ePower epower.ie Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
Vulnerability fixed in Microsoft Exchange
Microsoft has fixed a vulnerability in Exchange server. A malicious person could, without prior authentication, impersonate another user and thus gain access to sensitive data in the victim's context. Microsoft has made updates available that fix the described vulnerability. We recommend that you...
CVE-2025-12420
A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420 ,...
EUVD-2025-206275
A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...
CVE-2025-12420
A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...
CVE-2025-12420
A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...
CVE-2025-12420 Unauthenticated Privilege Escalation in ServiceNow AI Platform
A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...