1148 matches found
CVE-2026-12352
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...
CVE-2026-12352
Technical details (affected products/versions, root cause, exploit conditions, or remediation) are not publicly provided in the supplied documents. Monitor for updates on CVE-2026-12352.
EUVD-2026-42047
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...
CVE-2026-12352
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...
PT-2026-56192
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An unauthenticated actor can bypass authentication to gain access to restricted resources on the device. Recommendations At the moment, there is no information...
EUVD-2026-41905
Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an...
PT-2026-55656
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authentication bypass exists when using a malformed SSH sub-verb during LFS Large File Storage operations. This flaw allows unauthorized read access to privat...
CVE-2026-55113
A malicious actor with access to the network could exploit a Server-Side Request Forgery SSRF vulnerability found in UniFi Talk Application to execute a Denial of Service DoS attack and bypass authentication in certain UniFi Talk API endpoints...
CVE-2026-54407
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...
CVE-2026-54407
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints...
CVE-2026-54408
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming...
CVE-2026-54403
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances...
CVE-2026-54408
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming...
EUVD-2026-41381
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances...
EUVD-2026-41382
A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras...
CVE-2026-54407
The CVE-2026-54407 entry concerns UniFi Protect Application with an Improper Access Control flaw that allows bypassing authentication on certain API endpoints. The vulnerability enables an unauthenticated or improperly authenticated actor with network access to interact with protected UniFi Prote...
PT-2026-55239
Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A path traversal issue exists in certain devices running UniFi OS. A malicious actor with network access can exploit this to bypass authentication on the affected devices or instances. Path...
CVE-2026-53576
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...
GO-2026-5163 Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication in github.com/traefik/traefik
Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication in github.com/traefik/traefik...
CVE-2026-9782
Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...