CVE-2026-12304

Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

Flowise 1.6.5 - Authentication Bypass

The flowise version = 1.6.5 is vulnerable to authentication bypass vulnerability. id: CVE-2024-31621 info: name: Flowise 1.6.5 - Authentication Bypass author: DhiyaneshDK severity: high description: | The flowise version = 1.6.5 is vulnerable to authentication bypass vulnerability. impact: |...

Nacos <1.4.1 - Authentication Bypass

This template only works on Nuclei engine prior to version 2.3.3 and version = 2.3.5. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nac...

JFrog Artifactory 6.7.3 - Admin Login Bypass

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...

EUVD-2026-36792

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

CVE-2026-42752

The CVE-2026-42752 entry concerns the WordPress Stripe Payments plugin (versions up to 2.0.98). It describes an unauthenticated bypass vulnerability in Stripe Payments

CVE-2026-42752 WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

CVE-2026-42662 WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Event Tickets = 5.27.5 versions...

CVE-2026-42662

CVE-2026-42662 affects the WordPress Event Tickets plugin (versions

CVE-2026-27089 WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...

CVE-2026-27089

WPTravelly plugin for WordPress, versions

CVE-2026-53839

OpenClaw before 2026.5.7 has a hostname validation flaw in the retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. This can enable an attacker to craft a hostname prefix that resembles a trusted host, potentially causing authentication material to be sent to u...

CVE-2026-50008

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.3, the routeAllowList server option restricts external client access to a configured list of REST API routes. The check is only enforced as...

CVE-2026-48558

Summary (CVE-2026-48558): SimpleHelp

CVE-2026-47139 vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes...

CVE-2026-53721 Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher

Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4...

CVE-2026-12058

The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed...

CVE-2026-12058

The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed...

PT-2026-48836

The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed...

CVE-2026-45174 Idira Endpoint Privilege Manager Linux Agent: Potential bypass of Agent Daemon Initialization

Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19...