17 matches found

EUVD · added 2026/06/12 3:1 p.m. · 6 views

EUVD-2026-36474

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

CVSS 9.6 · AI score 5.3 · EPSS 0.00219
Exploits 0 · References 2

RedhatCVE · added 2026/06/05 7:19 p.m. · 10 views

CVE-2026-5845

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

CVSS 9.6 · AI score 5.5 · EPSS 0.0023
Exploits 0 · References 1

EUVD · added 2026/05/28 7:34 a.m. · 9 views

EUVD-2026-32742

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

CVSS 4.3 · AI score 5.8 · EPSS 0.00193
Exploits 0 · References 3

Vulnrichment · added 2026/05/17 2:27 a.m. · 6 views

CVE-2026-8719 AI Engine 3.4.9 - Authenticated (Subscriber+) Privilege Escalation via Missing Authorization in MCP OAuth Bearer Token

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

CVSS 8.8 · AI score 5.8 · EPSS 0.00359
Exploits 0 · References 2

RedhatCVE · added 2026/04/15 7:24 p.m. · 5 views

CVE-2026-40103

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only projects.background can successfully delete a project background, while a token with only...

CVSS 5.4 · AI score 5.8 · EPSS 0.00222
Exploits 1 · References 1

CNNVD · added 2026/04/10 12:0 a.m. · 6 views

Vikunja security vulnerability

Vikunja is an open-source to-do application developed by Vikunja. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities were caused by an issue with token authorization for custom project background routes, which could lead to unauthorized authorization...

CVSS 5.4 · AI score 5.8 · EPSS 0.00222
Exploits 1 · References 5

ATTACKERKB · added 2026/04/03 10:54 p.m. · 2 views

CVE-2026-34953

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validatetoken returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access t...

CVSS 9.1 · AI score 6 · EPSS 0.00375
Exploits 1 · References 2 · Affected Software 1

OSV · added 2026/03/03 11:17 p.m. · 2 views

GHSA-CJV3-M589-V3RX OpenClaw has Canvas route hardening for mixed-trust deployments

Summary This advisory tracks a defense-in-depth hardening for canvas routes. In mixed-trust or network-visible deployments, prior canvas auth/fallback behavior could broaden access beyond intended boundaries. Deployment Context OpenClaw’s default model is trusted host + loopback-first access. Som...

CVSS 6.3 · AI score 5.9
Exploits 0 · References 4

NVD · added 2026/02/25 7:43 p.m. · 4 views

CVE-2026-25164

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in apis/routes/restroutesstandard.inc.php does not call RestConfig::requestauthorizationcheck for the document and insurance routes. Other...

CVSS 8.1 · EPSS 0.0026
Exploits 1 · References 2

Vulnrichment · added 2025/11/17 12:0 a.m. · 2 views

CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

CVSS 7.5 · AI score 6.5 · EPSS 0.00196
Exploits 0 · References 1

CVE · added 2025/10/03 9:12 p.m. · 24 views

CVE-2025-61673

Karapace is an open-source Kafka REST and Schema Registry implementation. Affected versions 5.0.0 and 5.0.1 contain an authentication bypass when OAuth 2.0 Bearer Token authentication is configured: if a request arrives without an Authorization header, the token validation logic is skipped entire...

CVSS 8.6 · AI score 6.7 · EPSS 0.00375
Exploits 0 · References 3

EUVD · added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-29100

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00507
Exploits 1 · References 1

Github Security Blog · added 2023/07/06 7:24 p.m. · 19 views

Apache Linkis Authentication Bypass vulnerability

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 and modify t...

CVSS 9.1 · AI score 6.8 · EPSS 0.00811
Exploits 0 · References 5 · Affected Software 1

NVD · added 2023/04/10 8:15 a.m. · 16 views

CVE-2023-27987

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 and modify t...

CVSS 9.1 · AI score 9.2 · EPSS 0.00811
Exploits 0 · References 2

Vulnrichment · added 2023/04/10 7:37 a.m. · 11 views

CVE-2023-27987 Apache Linkis gateway module token authentication bypass

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 and modify t...

AI score 6.8 · EPSS 0.00811
Exploits 0 · References 2

Positive Technologies · added 2022/11/28 12:0 a.m. · 3 views

PT-2022-16529 · Unknown · Ourphoto App

Name of the Vulnerable Software and Affected Versions: Ourphoto App version 1.4.1 Description: The issue concerns the improper implementation of the user token authorization header on the /apiv1/ API endpoints. This allows an attacker to bypass authorization and session management by removing the...

CVSS 6.5 · AI score 6.2 · EPSS 0.00507
Exploits 1 · References 3

Hacker One · added 2018/01/31 1:41 p.m. · 21 views

HackerOne: The request tells the number of private programs, the new system of authorization /invite/token

Summary: Hi team. The old version of the invite program looks simple. A link to the program in which you need to log in. Now this looks through token. So my PoC I think you can count work since you have changed the system to a new, token Description: Steps To Reproduce 1...

AI score 6.7
Exploits 0