104 matches found
CVE-2026-45364
The CVE-2026-45364 issue affects Better Auth (TypeScript) where the HTTP rate limiter keyed by the leftmost x-forwarded-for value could be bypassed for IPv6. Before fixes, IPv6 prefix rotation (e.g., /64) and multiple textual representations could produce 2^64 distinct keys, letting an attacker p...
Mass FortiGate Symlink Bypass Scanner
FortiGate mass symlink bypass scanner that adds structured validation, impact assessment, and reporting logic. It first verifies whether the target actually appears to be a FortiGate device from Fortinet using fingerprinting heuristics, which reduces false positives. Instead of testing a single...
Authentication Scheme Parsing Bypass
org.keycloak, keycloak-parent is vulnerable to Authentication Scheme Parsing Bypass. The vulnerability is due to an overly permissive Authorization header parser that accepts non-standard separators such as tabs and improper case variations for the “Bearer” scheme, which allows an attacker to...
CVE-2025-23829
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codingkart Woo Update Variations In Cart woo-update-variations-in-cart allows Stored XSS. This issue affects Woo Update Variations In Cart: from n/a through <= 0.0.9...
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...
GHSA-GV94-WP4H-VV8P Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...
CVE-2026-0707
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...
CVE-2026-0707
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...
CVE-2026-0707 Keycloak: keycloak authorization header parsing leading to potential security control bypass
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...
PT-2026-1976
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters, such as tabs, as separators...
WordPress Show Variations as Single Products Woocommerce plugin <= 2.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Show Variations as Single Products Woocommerce versions <= 2.0...
CVE-2025-66114
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Show Variations as Single Products Woocommerce: from n/a through =...
EUVD-2025-198440
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Show Variations as Single Products Woocommerce: from n/a through =...
CVE-2025-66114
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Show Variations as Single Products Woocommerce: from n/a through =...
CVE-2025-66114
CVE-2025-66114 refers to a Missing Authorization / Broken Access Control in the WordPress plugin Show Variations as Single Products Woocommerce (plugin <= 2.0). The vulnerability enables access control bypass for variations data; exploitation details, affected versions (
CVE-2025-66114 WordPress Show Variations as Single Products Woocommerce plugin <= 2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Show Variations as Single Products Woocommerce: from n/a through =...
CVE-2025-66114 WordPress Show Variations as Single Products Woocommerce plugin <= 2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Show Variations as Single Products Woocommerce: from n/a through =...
WordPress plugin Show Variations as Single Products Woocommerce security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that provides the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin Show Variations as Single Products A...
PT-2025-47776
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Show Variations as Single Products Woocommerce: from n/a through =...
Malicious code in zeta-lambda-abstract-eta-secure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b820d228c75228585ef00e24bee4183f5a0dff3ec86ddc4b9cc4727395b97ed5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...