2039 matches found
Symfony HttpFoundation - Access Control Bypass via PATH_INFO
Symfony HttpFoundation component = 2.0.0 and prior to versions 5.4.50, 6.4.29, and 7.3.7 contains an access control bypass vulnerability. The Request class improperly interprets some PATHINFO values, producing URL paths without a leading /. This allows bypassing access control rules that are buil...
CVE-2026-40139
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...
CVE-2026-40138
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...
CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...
CVE-2026-49086
Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the tracked-time list endpoint. An attacker can access time tracking information without proper authorization by sending crafted requests to this endpoint. Remediation Upgrade...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of the PKCE S256 challenge during the OAuth2 token exchange process. An attacker can obtain access tokens without providing the expected code verifier by bypassing the intended...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the LFS mirror synchronization process. An attacker can bypass configured HTTP transport restrictions by initiating LFS push or sync mirror operations, allowing unauthorized network requests to be made outside o...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the CODEOWNERS pattern matching process. An attacker can cause excessive resource consumption by submitting specially crafted patterns, potentially leading to service unavailability. Remediation Upgrade...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the OAuth sign-in callback process. An attacker can regain access to accounts that have been disabled by an administrator by initiating an OAuth sign-in, resulting in unauthorized re-enablement of those account...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to the omission of SSH host verification options in the --proto-default process. An attacker can intercept or impersonate an SSH server by exploiting the lack of host verification during connection establishmen...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the connection reuse process. An attacker can gain unauthorized access to resources or services by exploiting the reuse of an authenticated connection intended for a different service. Remediation Upgrade libcur...
EUVD-2026-40537
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-14052
Insufficient policy enforcement in FileSystem in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-13852
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...
CVE-2026-13852
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...
CVE-2026-13852
Summary (CVE-2026-13852): Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android before 150.0.7871.47 allows a local attacker to bypass discretionary access control via a crafted HTML page. The issue is tracked across multiple sources (NVD, Debian, EUVD, CVE List...