Lucene search
K

1494 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-39508

File Browser: Authentication Bypass via Proxy Auth Header Forgery...

9.1CVSS6.1AI score0.00337EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday22 views

RegistrationMagic <= 5.0.1.7 - Authentication Bypass

RegistrationMagic WordPress plugin versions = 5.0.1.7 contain an authentication bypass caused by missing identity validation in socialloginusingemail, letting unauthenticated users log in as any site user, exploit requires knowing a valid username. id: CVE-2021-4073 info: name: RegistrationMagic ...

9.8CVSS7AI score0.07EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday93 views

WordPress Pie Register <= 3.7.1.4 - Authentication Bypass

An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting socialsite=true and manipulating the useridsocialsite parameter,...

10CVSS8AI score0.09903EPSS
Exploits7References3
CVE
CVE
added 2026/07/03 8:19 p.m.159 views

CVE-2026-20896

CVE-2026-20896 affects Gitea Docker images up to and including 1.26.2. The root cause is the default setting REVERSE_PROXY_TRUSTED_PROXIES=*, which can let an attacker impersonate a user when reverse-proxy authentication headers (e.g., X-WEBAUTH-USER) are enabled. Several sources document this, i...

9.8CVSS7.1AI score0.00783EPSS
Exploits4References4
Snyk
Snyk
added 2026/07/02 1:50 p.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation...

6.9CVSS6AI score0.00455EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:50 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation The...

6.9CVSS6AI score0.00455EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:50 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation The...

6.9CVSS6AI score0.00455EPSS
Exploits0References2
NVD
NVD
added 2026/06/27 8:16 a.m.10 views

CVE-2026-9242

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS0.00232EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.40 views

CVE-2026-9242 RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS0.00232EPSS
Exploits0References14
CVE
CVE
added 2026/06/25 5:46 p.m.10 views

CVE-2026-54089

CVE-2026-54089 impacts File Browser when configured with proxy authentication (auth.method=proxy). The issue allows an unauthenticated attacker who can reach the server to impersonate any user—including an administrator—by sending a single forged HTTP header. No credentials are required. Addition...

9.1CVSS5.8AI score0.00337EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/24 9:17 p.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the ENABLEREVERSEPROXYAUTHENTICATION process. An attacker can impersonate any user or trigger automatic account creation by forging the configured authentication header in client requests. This is only exploitable...

8.7CVSS6AI score0.00864EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.5 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the ENABLEREVERSEPROXYAUTHENTICATION process. An attacker can impersonate any user or trigger automatic account creation by forging the configured authentication header in client requests. This is only exploitable...

8.7CVSS6AI score0.00864EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:7 p.m.6 views

CVE-2026-55759

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted...

7.4CVSS5.9AI score0.00243EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/22 8:59 p.m.3 views

GHSA-R3CW-C95M-WFH9 motionEye: Authentication possible via password hash

Summary An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...

9.1CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/19 3:41 p.m.9 views

User Impersonation

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to User Impersonation via insufficient validation of proxy-related HTTP headers. An attacker can spoof client IP addresses, hostnames, or protocols by...

5.3CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/06/18 8:36 p.m.4 views

User Impersonation

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to User Impersonation via the allowFrom process. An attacker can gain unauthorized access to agent privileges intended for another Discord identity by exploiting mutable display name...

8.6CVSS5.9AI score0.00267EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 8:36 p.m.7 views

User Impersonation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation via the allowFrom process. An attacker can gain unauthorized access to agent privileges intended for another Discord identity by exploiting mutable display name metadat...

8.6CVSS5.9AI score0.00267EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 3:20 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the agentid metadata in the gRPC communication process. An attacker can impersonate other agents on the same server by injecting a forged value into outgoing metadata, leading to unauthorized cross-tenant actions...

7.1CVSS6AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 11:38 p.m.8 views

User Impersonation

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to User Impersonation via manipulation of the Host header during HTTP requests. An attacker can gain unauthorized access to protected management routes by crafting a malicious...

9.8CVSS5.8AI score0.00559EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/16 11:38 p.m.9 views

User Impersonation

Overview litellm-proxy-extras is an Additional files for the LiteLLM Proxy. Reduces the size of the main litellm package. Affected versions of this package are vulnerable to User Impersonation via manipulation of the Host header during HTTP requests. An attacker can gain unauthorized access to...

9.8CVSS5.8AI score0.00559EPSS
Exploits1References2
Rows per page
Query Builder