CVE-2026-25555 OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

EUVD-2026-33318

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLEMULTITENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that...

GHSA-X9P5-W45C-7FFC Gogs: Access tokens get exposed through URL params in API requests

Summary The Gogs API still accepts tokens in URL parameters such as token and accesstoken, which can leak through logs, browser history, and referrers. Details A static review shows that the API still checks tokens in the URL query before looking at headers: - internal/context/auth.go reads...

CVE-2022-31130

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...