1483 matches found

Nuclei, added yesterday, 63 views

WordPress Pie Register <= 3.7.1.4 - Authentication Bypass

An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting socialsite=true and manipulating the useridsocialsite parameter,...

CVSS 10, AI score 8, EPSS 0.09903
Exploits 7, References 3
Nuclei, added 2 days ago, 20 views

RegistrationMagic <= 5.0.1.7 - Authentication Bypass

RegistrationMagic WordPress plugin versions <= 5.0.1.7 contain an authentication bypass caused by missing identity validation in socialloginusingemail, letting unauthenticated users log in as any site user; the exploit requires knowing a valid username. id: CVE-2021-4073 info: name: RegistrationMagic ...

CVSS 9.8, AI score 7.1, EPSS 0.07
Exploits 1, References 3
NVD, added 3 days ago, 8 views

CVE-2026-9242

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

CVSS 5.3, EPSS 0.00232
Exploits 0, References 14
Cvelist, added 3 days ago, 36 views

CVE-2026-9242 RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

CVSS 5.3, EPSS 0.00232
Exploits 0, References 14
CVE, added 5 days ago, 6 views

CVE-2026-54089

CVE-2026-54089 impacts File Browser when configured with proxy authentication (auth.method=proxy). The issue allows an unauthenticated attacker who can reach the server to impersonate any user—including an administrator—by sending a single forged HTTP header. No credentials are required. Addition...

CVSS 9.1, AI score 5.8, EPSS 0.00337
Exploits 0, References 3
OSV, added 2026/06/22 8:59 p.m., 3 views

GHSA-R3CW-C95M-WFH9 motionEye: Authentication possible via password hash

Summary An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...

CVSS 9.1, AI score 6
Exploits 0, References 2
Snyk, added 2026/06/19 3:41 p.m., 6 views

User Impersonation

Overview: silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to User Impersonation via insufficient validation of proxy-related HTTP headers. An attacker can spoof client IP addresses, hostnames, or protocols by...

CVSS 5.3, AI score 5.9
Exploits 0, References 3
Snyk, added 2026/06/18 8:36 p.m., 4 views

User Impersonation

Overview: @openclaw/discord is an OpenClaw Discord channel plugin. Affected versions of this package are vulnerable to User Impersonation via the allowFrom process. An attacker can gain unauthorized access to agent privileges intended for another Discord identity by exploiting mutable display name...

CVSS 8.6, AI score 5.9, EPSS 0.00267
Exploits 0, References 2
Snyk, added 2026/06/18 8:36 p.m., 4 views

User Impersonation

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to User Impersonation via the allowFrom process. An attacker can gain unauthorized access to agent privileges intended for another Discord identity by exploiting mutable display name metadat...

CVSS 8.6, AI score 5.9, EPSS 0.00267
Exploits 0, References 2
Snyk, added 2026/06/16 11:38 p.m., 9 views

User Impersonation

Overview: litellm-proxy-extras is a package of additional files for the LiteLLM Proxy that reduces the size of the main litellm package. Affected versions of this package are vulnerable to User Impersonation via manipulation of the Host header during HTTP requests. An attacker can gain unauthorized access to...

CVSS 9.8, AI score 5.8, EPSS 0.00454
Exploits 0, References 2
Snyk, added 2026/06/16 11:38 p.m., 8 views

User Impersonation

Overview: litellm is a library for interfacing with LLM API providers. Affected versions of this package are vulnerable to User Impersonation via manipulation of the Host header during HTTP requests. An attacker can gain unauthorized access to protected management routes by crafting a malicious...

CVSS 9.8, AI score 5.8, EPSS 0.00454
Exploits 0, References 2
CVE, added 2026/06/15 6:43 p.m., 16 views

CVE-2026-49952

Discuz! X5.0 (versions 20260320–20260501) contains an authentication bypass vulnerability in which an attacker can abuse a shared cryptographic key between UCenter integration and the dbbak.php database backup API. By injecting a crafted payload via the login username, an encryption-oracle path i...

CVSS 9.3, AI score 5.6, EPSS 0.0046
Exploits 1, References 5
Positive Technologies, added 2026/06/15 12:00 a.m., 13 views

PT-2026-49559

If the HTML you give DOMPurify contains a <template> element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...

CVSS 5.1, AI score 5.1, EPSS 0.00038
Exploits 0, References 3
Snyk, added 2026/06/12 11:06 p.m., 4 views

User Impersonation

Overview: @openclaw/qqbot is an OpenClaw QQ Bot channel plugin for group and direct-message workflows. Affected versions of this package are vulnerable to User Impersonation in the QQBot streaming command. An attacker can alter configuration settings by accessing the command without meeting explic...

CVSS 7.7, AI score 5.9, EPSS 0.00172
Exploits 0, References 2
Snyk, added 2026/06/11 9:11 p.m., 5 views

User Impersonation

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to User Impersonation via insufficient validation in the Control UI pairing process. An attacker can obtain persistent administrative device tokens by spoofing locality information over the...

CVSS 8.8, AI score 5.9, EPSS 0.00309
Exploits 0, References 2
RedhatCVE, added 2026/06/11 2:59 p.m., 16 views

CVE-2026-47838

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

CVSS 8.1, AI score 5.4, EPSS 0.00116
Exploits 0, References 1
Snyk, added 2026/06/09 12:00 a.m., 4 views

User Impersonation

Overview: org.springframework.security:spring-security-config is a security configuration package for Spring Framework. Affected versions of this package are vulnerable to User Impersonation via username extraction in SubjectDnX509PrincipalExtractor. An attacker can impersonate another user by...

CVSS 8.1, AI score 5.4, EPSS 0.00116
Exploits 0, References 2
Snyk, added 2026/06/09 12:00 a.m., 4 views

User Impersonation

Overview: org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to User Impersonation via username extraction in SubjectDnX509PrincipalExtractor. An attacker...

CVSS 8.1, AI score 5.4, EPSS 0.00116
Exploits 0, References 2
Debian, added 2026/06/08 8:07 p.m., 10 views

[SECURITY] [DSA 6331-1] keystone security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6331-1 https://www.debian.org/security/ Moritz Muehlenhoff June 08, 2026 https://www.debian.org/security/faq -...

CVSS 8.8, AI score 5.5, EPSS 0.00404
Exploits 6
Tenable Nessus, added 2026/06/08 12:00 a.m., 19 views

Debian dsa-6331 : keystone - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6331 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6331-1...

CVSS 8.8, AI score 5.6, EPSS 0.00404
Exploits 6, References 17