CVE-2026-52844

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...

CVE-2026-54021

Summary: Open WebUI prior to 0.9.6 allows any authenticated user to direct requests to arbitrary Ollama backends by appending a caller-supplied url_idx, bypassing backend-level isolation and possibly reaching restricted or disabled backends. The issue arises on index-addressed Ollama proxy routes...

CVE-2026-35019

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

Security Bulletin: Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system

Summary IBM Storage Protect Snapshot For Windows is affected by allowing a remote unauthenticated attacker to bypass authentication and gain SYSTEM-level access due to a hardcoded credential. Vulnerability Details CVEID:CVE-2026-12628 DESCRIPTION: IBM Storage Protect Client 8.1.0.0 through 8.2.1....

CVE-2026-35019 NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

CVE-2026-35019

NetComm NF20MESH routers with firmware R6B031 and earlier are affected by an authentication bypass in the web management interface. The root cause is a hardcoded AES-256 key used to encrypt session cookies; an attacker can forge a valid encrypted cookie with the shared key to bypass authenticatio...

EUVD-2026-38453

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

RestroPress 3.0.0-3.2.1 - Authentication Bypass

RestroPress Online Food Ordering System WordPress plugin 3.0.0 to 3.1.9.2 contains an authentication bypass caused by exposure of user private tokens and API data via /wp-json/wp/v2/users endpoint, letting unauthenticated attackers forge JWT tokens and authenticate as other users including...

vBulletin 5.0.0-6.0.3 - Authentication Bypass

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 contain an authentication bypass caused by unauthenticated access to protected API controllers on PHP 8.1 or later, letting unauthenticated attackers invoke protected methods remotely.Starting from PHP 8.1, due to an internal adjustment to...

Canon Devices - Authentication Bypass in Catwalk Server

Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...

Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass

Zyxel NBG2105 V1.00AAGU.2C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access. id: CVE-2021-3297 info: name: Zyxel NBG2105 V1.00AAGU.2C0 - Authentication Bypass author: gy741 severity: high description: Zyxel NBG21...

Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass

Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for...

Pega Infinity - Authentication Bypass

Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks. id: CVE-2021-27651 info: name: Pega Infinity - Authentication Bypass author: idealphase,daffainf...

HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass

HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining...

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...

Zoho ManageEngine - getUserAPIKey Authentication Bypass

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...

ChurchCRM - API Authentication Bypass via URL Injection

ChurchCRM 7.1.0 contains an authentication bypass caused by improper API middleware URL handling in ChurchCRM/Slim/Middleware/AuthMiddleware.php, letting unauthenticated attackers access protected API endpoints, exploit requires crafted request URL with 'api/public id: CVE-2026-39339 info: name:...

MLflow Job API - Authentication Bypass

MLflow latest version contains an authentication bypass caused by unprotected FastAPI job endpoints under /ajax-api/3.0/jobs/ when basic-auth is enabled, letting unauthenticated network clients submit and manage jobs, exploit requires job execution enabled and allowlisted job functions. id:...

Deep Sea Electronics DSE855 - Authentication Bypass

Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...