46 matches found
CVE-2026-34531
Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...
CVE-2026-34531 Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...
CVE-2026-34531
CVE-2026-34531 affects Flask-HTTPAuth (Python package) and concerns the token verification callback receiving an empty string when a request targets a token-protected resource without a token or with an empty token. This could allow authentication against any user whose token is an empty string. ...
CVE-2026-34531
Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...
PT-2026-29829
Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description A flaw exists in the token validation process, where the OAuthManager.validate token function incorrectly returns True for any token not found in its internal store. This store is empty by...
Flask-HTTPAuth 授权问题漏洞
Flask-HTTPAuth is an HTTP authentication extension for the Flask framework developed by Miguel Grinberg. Versions of Flask-HTTPAuth prior to 4.8.1 had an authorization vulnerability. This vulnerability occurred when the client made a request to a resource protected by a token, but did not pass th...
Improper Authentication
Overview Flask-HTTPAuth is a HTTP authentication for Flask routes Affected versions of this package are vulnerable to Improper Authentication in the token verification process. An attacker can gain unauthorized access by submitting a request with a missing or empty token if the application stores...
Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
Summary In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any...
PT-2026-29428
Name of the Vulnerable Software and Affected Versions Flask-HTTPAuth versions prior to 4.8.1 Description Flask-HTTPAuth, when used with token authentication, could potentially authenticate client requests against any user in the database with an empty string set as their token if the client reque...
Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any users in...
BIT-ARGO-WORKFLOWS-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...
EUVD-2022-7651
Malicious code in bioql PyPI...
Exploit for CVE-2024-9933
CVE-2024-9933 WatchTowerHQ = 3.10.1 - Authentication Bypas...
Authentication Bypass
SilverStripe is vulnerable to Authentication Bypass. The vulnerability is caused by providing an empty token parameter with secure token parameters like isDev or flush, allowing bypass of normal authentication mechanisms...
PT-2024-40284 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe affected versions not specified Description: The issue allows bypassing normal authentication parameters by providing an empty token parameter to a SilverStripe site when a secure token parameter is given, such as isDev or flush...
GHSA-FPVW-6M5V-HQFP Capsule Proxy Authentication bypass using an empty token
The privilege escalation is based on a missing check if the user is authenticated based on the TokenReview result. All the clusters running with the anonymous-auth Kubernetes API Server setting disable set to false are affected since it would be possible to bypass the token review mechanism,...
golang-nanoauth authentication bypass vulnerability
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token...
CVE-2022-33174
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
PT-2021-12084 · Unknown · Golang-Nanoauth
Name of the Vulnerable Software and Affected Versions: golang-nanoauth versions v0.0.0-20160722212129-ac0cc4484ad4 through v0.0.0-20200131131040-063a3fb69896 Description: The issue concerns a global bypass of authentication in the golang-nanoauth library. When the ListenAndServe function is calle...
Information Exposure
Overview spreeapi is a Spree Api module Affected versions of this package are vulnerable to Information Exposure. An attacker can query the API v2 Order Status endpoint with an empty string passed as an Order token. Remediation Upgrade spreeapi to version 3.7.13, 4.0.5, 4.1.12 or higher. Referenc...