CVE-2026-56237

CVE-2026-56237 — Capgo : Capgo prior to 12.128.2 has a broken authentication vulnerability in its API key generation. API keys are exposed in frontend requests, and the backend does not validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the ...

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

GHSA-G8VR-X4QH-25QG Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVE-2026-8830

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVE-2026-8830

Technical details (affected product/version, root cause specifics, impact, or remediation) are not publicly available in the provided documents; monitor for updates.

EUVD-2026-30841

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVE-2026-8830

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVE-2026-8830 Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVE-2026-8830

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVE-2026-43968

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...

CVE-2026-1363

CVE-2026-1363 affects IAQS and I6 by JNC. The issue is described as a Client-Side Enforcement of Server-Side Security vulnerability that lets unauthenticated remote attackers manipulate the web front-end to gain administrator privileges. CVSS metrics indicate high impact to confidentiality, integ...

CVE-2026-1201

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation...

CVE-2026-1201 Authorization Bypass Through User-Controlled Key in Hubitat Elevation Hubs

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation...

PT-2026-4286

Name of the Vulnerable Software and Affected Versions Hubitat Elevation versions prior to 2.4.2.157 Description A flaw exists in Hubitat Elevation home automation controllers that allows a remote authenticated user to control connected devices outside of their authorized scope. This is possible...

Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities

Document Title: =============== Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2281 Release Date: ============= 2022-01-05 Vulnerability Laboratory ID VL-ID: ====================================...

Exploit for Incorrect Default Permissions in Kramerav Viaware

Exploit Title: KRAMER VIAware 2.5.0719.1034 - Remote Code Exec...

Cross-Site Scripting (XSS)

activestorage is vulnerable to cross-site scripting. Signed download URLs that are generated for Google Cloud Storage include content-disposition and content-type parameters which can be modified on the client-side. This allows an attacker to upload specially crafted HTML files and inject arbitra...

Netis WF2419 Router - Cross-Site Request Forgery

Exploit Title: Netis-WF2419 Router Cross-Site Request Forgery CSRF Date: 28/01/2018 Exploit Author: Sajibe Kanti Author Contact: https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419, V2.2.36123 Tested on: Windows 10 Technical Details & Descriptio...

Cross-Site Scripting (XSS) in HTML tag

Client-side scripts are used extensively by modern web applications. They perform from simple functions such as the formatting of text up to full manipulation of client-side data and Operating System interaction. Cross Site Scripting XSS allows clients to inject scripts into a request and have th...