Exploit for Missing Authentication for Critical Function in Cpanel

Sorry Ransomware Analysis CVE-2026-41940 cPanel Campaign Pu...

CVE-2026-43859

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

CVE-2026-43859

Mutt vulnerability CVE-2026-43859 affects mutt before 2.3.2, where IMAP auth_cram MD5 digest computation may use strfcpy instead of memcpy. Root cause is choosing the wrong string copy function in the digest pathway. Impact (per CVSS 3.1) is Confidentiality: None, Integrity: Low, Availability: No...

CVE-2026-7713 crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

CVE-2026-7713

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

CVE-2026-7713 crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

KLA91019 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code, inject malicious code, gain privileges. Below is a complete list of...

Calibre-Web Automated 安全漏洞

Calibre-Web Automated is a self-hosted digital library management tool developed by CrocodileStick’s individual developer. Versions of Calibre-Web Automated prior to 4.0.6 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the generateauthtoken functi...

PT-2026-37161

Name of the Vulnerable Software and Affected Versions CI4MS versions 0.26.0 through 0.31.7.0 Description The auth filter contains commented-out code for checking if a user is deactivated or banned. While the loggedIn function in CodeIgniter Shield verifies the status field to identify banned user...

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

CVE-2026-7709 janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

EUVD-2026-26849

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

PT-2026-36726

Name of the Vulnerable Software and Affected Versions janeczku Calibre-Web versions prior to 0.6.27 Description Improper authorization occurs in the Endpoint component due to the manipulation of the user id argument within the generate auth token function located in the cps/kobo auth.py file. Thi...

Calibre-Web 安全漏洞

Calibre-Web is a web application developed by Jan B, designed for browsing, reading, and downloading e-books from the Calibre database. Calibre-Web versions 0.6.26 and earlier contain security vulnerabilities. These vulnerabilities stem from the generateauthtoken function in the Endpoint...

squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

dovecot: Fix of CVE-2017-15132

CVE-2017-15132: fix memory leak and hash-table use-after-free in authclientrequestabort lib-auth. Squashed upstream commits 1a29ed2f96da and a9b135760aea...

Traefik < 2.11.43 / 3.x < 3.6.14 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.43 or 3.x prior to 3.6.14. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass via StripPrefixRegex and ForwardAuth dot-segment normalization. When StripPrefixRegex processes URLs with...

GHSA-MQ9Q-25HM-G4GP AstrBot Makes Use of Hard-coded Password

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

CVE-2026-7579 AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

CVE-2026-7579

The vulnerability CVE-2026-7579 affects AstrBotDevs AstrBot (Dashboard component), specifically in the file astrbot/dashboard/routes/auth.py where hard-coded credentials are manipulated. This issue can be exploited remotely, and exploitation has been disclosed publicly. Affected software version ...