Exploit for CVE-2026-28699

CVE-2026-28699 — Gitea OAuth2 Scope Bypass via HTTP Basic Auth...

CVE-2026-5078

A flaw was found in the morgan HTTP request logging middleware versions 1.2.0 through 1.10.1. The :remote-user token writes the Basic auth username to access logs without neutralizing CR/LF control characters. An unauthenticated remote attacker can inject forged log lines via a crafted...

EUVD-2026-34890

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

Improper Output Neutralization for Logs

Overview org.webjars.npm:morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log...

UBUNTU-CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

EUVD-2026-34067

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVE-2026-5078

CVE-2026-5078 affects the morgan logging middleware; versions 1.2.0 through 1.10.1 write the Basic auth username from the Authorization header into logs without neutralizing CR/LF control characters, enabling log forgery. Affected formats include built-in combined, common, default, short, and any...

morgan 安全漏洞

Morgan is an open-source HTTP request logging middleware developed by ExpressJS. Versions 1.2.0 to 1.10.1 of Morgan contain security vulnerabilities. These vulnerabilities stem from the remoteuser token not being escaped with control characters, which may lead to log manipulation...

EUVD-2026-31938

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

Summary An attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens including the jwt...

CVE-2026-45223

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin...

User Impersonation

Overview @openclaw/crabbox-plugin is an OpenClaw plugin for running Crabbox remote testbox workflows Affected versions of this package are vulnerable to User Impersonation in the verifyUserToken function. An attacker can gain unauthorized administrative access by injecting an admin claim into a...

CVE-2026-45223 Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin...

CVE-2026-22734

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

EUVD-2026-20590

InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the user field of a POST...

CVE-2026-33758

A flaw was found in OpenBao. Installations that have an OIDC/JWT authentication method enabled with a role configured to use callbackmode=direct are vulnerable to XSS via the errordescription parameter on the page for a failed authentication. This allows an attacker to access the token used by an...

Cloudfoundry UAA has logic error in the token revocation endpoint implementation

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...