161136 matches found
EUVD-2026-38013
Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...
CVE-2026-39999
CVE-2026-39999 is an authentication bypass in Apache APISIX caused by misconfigurations in the jwt-auth plugin. Affected versions are 2.2 through 3.16.0; the issue allows bypassing authentication via spoofed tokens. The entry is resolved by upgrading to v3.17.0, which fixes the vulnerability. Rel...
CVE-2026-39999 Apache APISIX: JWT Algorithm Confusion allows authentication bypass
Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...
CVE-2026-50242
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...
EUVD-2026-38008
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...
CVE-2026-50242
JetBrains Hub is affected by an authentication bypass vulnerability in versions listed (before 2026.1.13757; 2025.3.148033; 2025.2.148048; 2025.1.148120; 2024.3.148430; 2024.2.148429). The issue allows bypass via direct database access, leading to administrative access. The CVSS metrics indicate ...
CVE-2026-56142
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible...
EUVD-2026-38007
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible...
CVE-2026-56142
In JetBrains Hub, prior to 2026.1.13757, and across versions 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429, there is a privilege escalation vulnerability described as: attaching authentication details to accounts enables elevation of privileges. The sources (NVD, CVE l...
Astra Linux – Vulnerability in Apache2
A encoding issue in the modproxy component of the Apache HTTP Server 2.4.59 and earlier versions allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication through crafted requests. Users are recommended to upgrade to version 2.4.60, which fix...
Astra Linux – Vulnerability in exim4
Exim NTLM Challenge Out-of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected Exim installations. Authentication is not required to exploit this vulnerability. The specific flaw lies in the handling of NTLM...
Astra Linux – Vulnerability in Firefox
The “Copy Image Link” context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows—in conjunction with a Content Security Policy that stopped a redirection chain in the middle—the final image URL could contain an authentication toke...
Astra Linux – Vulnerability in Zabbix
The researcher has shown that due to the way the SNMP trap log is parsed, an attacker can create an SNMP trap with additional lines of information, causing forged data to appear in the Zabbix UI. This attack requires that SNMP authentication be disabled, and/or that the attacker knows the...
Astra Linux – Vulnerability in pgpool2
Information disclosure vulnerabilities exist in Pgpool-II versions 4.4.0 to 4.4.1 4.4 series, 4.3.0 to 4.3.4 4.3 series, 4.2.0 to 4.2.11 4.2 series, 4.1.0 to 4.1.14 4.1 series, 4.0.0 to 4.0.21 4.0 series, all versions of the 3.7 series, all versions of the 3.6 series, all versions of the 3.5...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: sctp: Handle the error returned from sctpauthasocinitactivekey. When an error is returned from sctpauthasocinitactivekey, the activekey is not actually updated. The old shkey remains freed while it’s still being used as the activ...
Astra Linux – Vulnerability in PostgresSQL 11
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries during the initial establishment of a connection, despite the use of SSL certificate verification and encryption...
Astra Linux – Vulnerability in Apache2
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor can the Apache HTTP Server team have created such a report. However, certain compilers and/or compilation options...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fixed a socket memory leak in the handling of TCP-AO failures for IPv6. When tcpaocopyallmatching fails in tcpv6synrecvsock, the function simply exits. This results in a memory leak: unreferenced object 0xffff0000281a820...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: In libceph, the error from monhandleauthdone should be returned. Currently, any error from cephauthhandlereplydone is propagated via finishauth, but it is not returned from monhandleauthdone. This results in higher layers...
Astra Linux – Vulnerability in WebKit2GTK
The issue was addressed through improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, and watchOS 10.5. An attacker with arbitrary read and write capabilities may be able to bypass Pointer Authentication...