CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

CVE-2026-36727

CVE-2026-36727 affects bookcars version 8.3. An insecure authentication vulnerability exists in the /api/social-sign-in endpoint that allows bypassing authentication by forged JWT tokens. The issue is documented across multiple feeds (NVD, Red Hat, CVE records) with no explicit exploit details or...

CVE-2026-0247

Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations...

CVE-2026-8990

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

CVE-2026-48897

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

CVE-2026-36175

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...

CVE-2023-5502 On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, a malicious supplicant may bypass authentication.

On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication...

OSNexus QuantaStor SDS Manager 安全漏洞

OSNexus QuantaStor SDS Manager is a software-defined storage management platform developed by the American company OSNexus. There is a security vulnerability in OSNexus QuantaStor SDS Manager. This vulnerability stems from improper cleaning of the user name field in the login endpoint, allowing...

PT-2026-45446

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

EUVD-2018-21946

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

PT-2026-44379

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

CVE-2026-44830 Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

CVE-2025-68712

SpSoft AppLock com.sp.protector.free 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce...

PT-2026-44036

SpSoft AppLock com.sp.protector.free 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce...

CVE-2026-48896

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

PT-2026-43394

Name of the Vulnerable Software and Affected Versions AppLockZ App Lock and Fingerprint Lock version 4.2.11 Description A local attacker with physical access can bypass the PIN lock because the lock is implemented as an overlay instead of using Android's secure authentication APIs. By navigating...

ROS-20260524-73-0027

Vulnerability in docker-ce related to bypassing the authentication procedure by using an alternate path or channel. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...

CVE-2026-43634

CVE-2026-43634 affects HestiaCP versions 1.2.0–1.9.4. The vulnerability is an IP spoofing flaw: unauthenticated attackers can send arbitrary IPs via the CF-Connecting-IP header, bypassing authentication controls and Cloudflare network verification. This can defeat fail2ban brute-force protections...

HestiaCP 安全漏洞

HestiaCP is an open-source control panel designed for modern networks, offering a lightweight yet powerful solution. Versions 1.2.0 to 1.9.4 of HestiaCP contain security vulnerabilities. These vulnerabilities stem from an IP spoofing vulnerability, allowing unauthorized remote attackers to bypass...