12 matches found
CVE-2026-8890
code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...
CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing
code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...
CVE-2026-8890
code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...
100xDevs CMS Security Vulnerability
100xDevs CMS is an open-source content management system developed by code100x. There is a security vulnerability in 100xDevs CMS, which stems from an authentication bypass in the Mobile API. This vulnerability could allow unauthenticated attackers to impersonate any user by submitting specially...
Tigo Energy CCA Command Injection
This repository contains a proof-of-concept exploit for CVE-2025-7769, a critical remote command injection vulnerability found in Tigo Energy CCA appliances exposing the /cgi-bin/mobileapi endpoint...
CVE-2023-2734
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...
Pwning smart garage door openers
TL;DR: We reversed a smart garage door opener, which appeared pretty secure at first: the firmware was encrypted, debug access was restricted, the web server wasn’t running as root, it had unique passwords per device. But we found a way in, allowing us to open all the garage doors… And made it play...
Pornhub: Find whether a video has been favourited or not, for any user [via YouPorn Mobile API]
Hi, While testing the mobile API, I came across an issue which allows anyone to check whether a specific video has been favourited by a user or not. The mobile API has the following endpoint which checks whether a video has been favourited or not. However the endpoint is unauthenticated and it is...
Arbitrary File Deletion Vulnerability in the showDeleteContactTempFile() Function of Tibus Communications Call Center System
The core of the Tibco call center system is a communication-based enterprise internal and external communication system. An arbitrary file deletion vulnerability exists in the showDeleteContactTempFile function of the Tibco Call Center System. Vulnerability file:...
C And C++ For OS Filter Bypass / Script Insertion
Document Title: C & C++ for OS - Filter Bypass & Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1825. Release Date: 2016-04-14. Vulnerability Laboratory ID (VL-ID): ...
Authentication Flaw in PayPal mobile API Allows Access to Blocked Accounts
Payment services provider PayPal is vulnerable to an authentication restriction bypass vulnerability, which could allow an attacker to bypass a filter or restriction of the online-service to get unauthorized access to a blocked user’s PayPal account. The security vulnerability actually resid...
Facebook Vulnerability - Beware of A New XSS on Facebook!
Facebook Vulnerability - Beware of A New XSS on Facebook! URL: https://m.facebook.com/connect/promptfeed.php?display=wap&usermessageprompt=%3Cscript%3Ealert%281%29%3C/script%3E New Cross-site scripting vulnerability has been detected on Facebook and widely exploited in the mobile API version,...