CVE-2026-50082

The Aqara Cloud Developer Portal is affected by a Missing Authentication for Critical Function (CWE-306) vulnerability where a developer token could be issued to any email address, enabling an unauthenticated user to potentially take over devices when combined with CVE-2026-50083/84/85. The CVSS ...

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

bookcars 安全漏洞

BookCars is a car rental management platform developed by Akram El Assas. Version 8.3 of BookCars contains a security vulnerability. This vulnerability stems from an insecure authentication mechanism in the/api/social-sign-in endpoint, which could allow attackers to bypass authentication using...

PT-2026-48173

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

CVE-2026-7113

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument INSECURENOAUTH results in missing authentication. The attack can be...

EUVD-2026-25818

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument INSECURENOAUTH results in missing authentication. The attack can be...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SFTP authentication process when the server is configured with an empty username and a password using the -b ':pass' flag together with -sftp. An attacker can gain unauthorized access...

CVE-2026-34990

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

CVE-2026-32034

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

OpenClaw OS Command Injection Vulnerability (CNVD-2026-15059)

OpenClaw is an automation tool for executing system commands. An authentication bypass vulnerability exists in versions prior to OpenClaw 2026.2.21 that stems from the system failing to enforce secure authentication when the allowInsecureAuth setting is explicitly enabled and the gateway is expos...

CVE-2026-32034

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

CVE-2026-32034 OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

OpenClaw 操作系统命令注入漏洞

OpenClaw is an automation tool for executing system commands. An authentication bypass vulnerability exists in versions prior to OpenClaw 2026.2.21 that stems from the system failing to enforce secure authentication when the allowInsecureAuth setting is explicitly enabled and the gateway is expos...

PT-2026-21887

Name of the Vulnerable Software and Affected Versions WPGSI: Spreadsheet Integration plugin for WordPress versions through 3.8.3 Description The WPGSI: Spreadsheet Integration plugin for WordPress is susceptible to unauthorized modification and data loss. This is due to the absence of proper...

AC Smart II - Authentication Bypass

AC Smart II contains an authentication bypass caused by a hidden password reset form that can be manipulated to change the administrator password without verifying login or permissions, letting attackers change admin passwords without authorization. id: CVE-2025-10204 info: name: AC Smart II -...

CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...