165 matches found
CVE-2026-61971
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...
CVE-2026-2398
MobilMen 20T (Adam Retail Automation Ltd) is affected by CVE-2026-2398 due to an Authorization bypass via a User-Controlled key, enabling Privilege Escalation. Affected versions are MobilMen 20T v3 through 10072026. CVSS 3.1 base score 8.8 (Network, Low attack complexity, Privileges Required: Low...
EUVD-2026-42014
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
CVE-2026-5730
CVE-2026-5730 affects Idvlabs Ontime through version 04052026. The issue is an authorization bypass (IDOR) caused by a user-controlled key, enabling exploitation of trusted identifiers with no user interaction. CVSS 3.1 base score 7.5 (HIGH) with network attack vector, low attack complexity, no p...
EUVD-2026-39394
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...
CVE-2026-2815
The CVE affects Silicon Labs’ EFR32xG27 devices. Issue: Incorrect use of the PUF key for user key generation leads to predictable keys. This is tied to a CVSS 4.0 base score of 8.4 (HIGH) with adjacent access, low attack complexity, no authentication, and user interaction not required. The vulner...
CVE-2026-12773 BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...
EUVD-2026-38139
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...
CVE-2026-12771
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...
PT-2026-51197
Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.59.9 Description An improper authentication flaw exists in the MCP Proxy component. Specifically, the UserAPIKeyAuth function within the file litellm/proxy/ experimental/mcp server/auth/user api key auth...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the removeAlarms process. An attacker can permanently delete alarm records belonging to other tenants by supplying arbitrary alarm IDs in a bulk delete request. This can result in...
PT-2026-48630
Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...
CVE-2026-44083 QuMagie
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...
CVE-2026-44083
CVE-2026-44083 affects QuMagie. The vulnerability is an authorization bypass via a user-controlled key that could allow remote attackers to gain unintended privileges. Affected product: QuMagie (reported across multiple feeds). Root cause: authorization bypass enabling privilege escalation; explo...
EUVD-2026-35354
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...
CVE-2026-4868 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...
CVE-2026-42736
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...
CVE-2026-42736
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...
CVE-2026-35430
Authorization bypass through user-controlled key in Azure Privileged Identity Management PIM allows an authorized attacker to elevate privileges over a network...
Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability
Authorization bypass through user-controlled key in Azure Privileged Identity Management PIM allows an authorized attacker to elevate privileges over a network...