CVE-2026-30789

CVE-2026-30789 concerns the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. It enables an authentication bypass via capture-replay and the use of a password hash with insufficient computational effort, by reusing Session IDs (session replay) in login and peer aut...

CVE-2026-30789 RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Client login, peer authentication modules allows Reusing Session IDs aka Session Replay. Thi...

AI Gateway secret API accepts `$ENV_VAR` references and can be remotely abused to exfiltrate server-side environment credentials to an attacker-controlled upstream endpoint. And the leaked credentials can be further leveraged to break security boundaries.

Analyzed project versions: Current target branch: master Current HEAD: dc8ef3cbbefccf7384f4e3023492aae635c5d5d0 Fix 403 Forbidden for artifact list via query param when defaultpermission=NOPERMISSIONS 21220, commit date: 2026-03-04 The vulnerability is that AI Gateway secrets allow...

CVE-2025-70949

An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...

PT-2026-23511

Name of the Vulnerable Software and Affected Versions @perfood/couch-auth version 0.26.0 Description A host header injection flaw exists in the mailer component. This allows attackers to obtain reset tokens and potentially take over accounts by manipulating the HTTP Host header. The affected...

PT-2026-23456

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Peer authentication, API login modules, rustdesk-server RustDesk Server OSS...

PT-2026-23471

Name of the Vulnerable Software and Affected Versions D-Link DIR-513 version 1.10 Description The D-Link DIR-513 version 1.10 device has a flaw where it doesn't properly check the FILECODE parameter when handling POST requests to the /goform/formLogin endpoint. This allows for a path traversal...

CVE-2025-70231

D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...

CVE-2025-70948

A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header...

Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS

Impact There is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is read entirely into memory without any size limit. There is no maxResponseBodySize...

SUSE CVE-2026-24845

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

CVE-2025-70222

CVE-2025-70222 affects D-Link DIR-513 v1.10. A stack buffer overflow is triggered via the curTime parameter in the /goform/formLogin and /goform/getAuthCode endpoints. The vulnerability is characterized as a network-accessible issue with high impact to confidentiality, integrity, and availability...

CVE-2026-27981 HomeBox has an Auth Rate Limit Bypass via IP Spoofing

HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter authRateLimiter tracks failed attempts per client IP. It determines the client IP by reading, 1. X-Real-IP header, 2. First entry of X-Forwarded-For header, and 3. r.RemoteAddr TCP connection...

GHSA-JMMG-JQC7-5QF4 OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains

This issue is a browser-origin WebSocket auth chain on local loopback deployments using password auth. It is serious, but conditional: an attacker must get the user to open a malicious page and then successfully guess the gateway password. Context and Preconditions OpenClaw’s web/gateway surface ...

OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access

Description In affected releases, when an operator explicitly enabled gateway.controlUi.allowInsecureAuth: true and exposed the gateway over plaintext HTTP, Control UI authentication could permit privileged operator access without the intended device identity + pairing guarantees. This required a...

GHSA-3CVX-236H-M9FJ OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access

Description In affected releases, when an operator explicitly enabled gateway.controlUi.allowInsecureAuth: true and exposed the gateway over plaintext HTTP, Control UI authentication could permit privileged operator access without the intended device identity + pairing guarantees. This required a...

GHSA-MWXV-35WR-4VVJ OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths

Summary Gateway plugin route auth protection for /api/channels could be bypassed using encoded dot-segment traversal for example ..%2f in path variants that plugin handlers normalize. Affected Packages / Versions - Package: npm openclaw - Latest published vulnerable version: 2026.2.25 - Vulnerabl...

OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths

Summary Gateway plugin route auth protection for /api/channels could be bypassed using encoded dot-segment traversal for example ..%2f in path variants that plugin handlers normalize. Affected Packages / Versions - Package: npm openclaw - Latest published vulnerable version: 2026.2.25 - Vulnerabl...

GHSA-HFF7-CCV5-52F8 OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes

Summary When tokenless Tailscale auth is enabled, OpenClaw should only allow forwarded-header auth for Control UI websocket authentication on trusted hosts. In affected versions, that tokenless path could also be used by HTTP gateway auth call sites, which could bypass token/password requirements...

CVE-2025-15598

CVE-2025-15598 affects Dataease SQLBot up to 1.5.1. The flaw is in JWT Token Handler’s validateEmbedded (backend/apps/system/middleware/auth.py); manipulation leads to improper cryptographic signature verification. It can be triggered remotely with high attack complexity; an exploit has been publ...