OpenMetadata - Authentication Bypass

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

CVE-2026-30805 Insecure Default Initialization in API Authentication leads to Authentication Bypass

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-30805 Insecure Default Initialization in API Authentication leads to Authentication Bypass

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...

Update 26.12 for Microsoft Dynamics 365 Business Central 2025 Release Wave 1 (Application Build 26.12.48244, Platform Build 26.0.48120)

Update 26.12 for Microsoft Dynamics 365 Business Central 2025 Release Wave 1 Application Build 26.12.48244, Platform Build 26.0.48120 Overview This update replaces previously released updates. You should always install the latest update.After you install this hotfix, you might have to update your...

CVE-2026-28205

OpenPLCV3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API...

JLSEC-2026-48

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CVE-2026-25771

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...

CVE-2025-41258 LibreChat RAG API Authentication Bypass

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API...

CVE-2026-25771

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...

CVE-2026-25771 Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...

Server-Side Request Forgery

Idno is vulnerable to Server-Side Request Forgery. The vulnerability is due to a logic error in the API authentication flow that bypasses CSRF protection, where the endpoint lacks a login requirement and unauthenticated attackers can trigger arbitrary outbound HTTP requests to any host and retrie...

CVE-2026-20129

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...

CVE-2026-20126

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this...

CVE-2026-20129 Cisco Catayst SD-WAN Authentication Bypass Vulnerability

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...

CVE-2026-20129

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper authentication of the management API, which could lead an attacker to create new users with administrator privileges, which...

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper back-end API authentication, which could lead to an attacker gaining full access to customer data and completely compromisi...

CVE-2023-31411

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App...

CVE-2025-13315 Unauthenticated log access in Twonky Server

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

AZL-69890 CVE-2025-64432 affecting package kubevirt for versions less than 0.59.0-33

KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...