CVE-2026-35676
phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...
CVE-2026-1490
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...
EUVD-2024-54896
Malicious code in bioql PyPI...
EUVD-2024-54891
Malicious code in bioql PyPI...
EUVD-2024-54898
Malicious code in bioql PyPI...
CVE-2024-57491
Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker to access sensitive API without any token via the preHandle function...
CVE-2024-50644
zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...
CVE-2024-50645
CVE-2024-50645 involves MallChat v1.0-SNAPSHOT with an authentication bypass that lets attackers access the API without a token. The vulnerability affects the API authentication mechanism and enables unauthorized API access with high impact (confidentiality, integrity, availability all rated high...
CVE-2024-50641
An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token...
CVE-2024-57155
Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token...
CVE-2024-57157
Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token...
CVE-2025-50904
There is an authentication bypass vulnerability in WinterChenS my-site through commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access the /admin/ API without any token...
PT-2025-34073 · Jantent · Jantent
Name of the Vulnerable Software and Affected Versions: Jantent version 1.1 Description: Incorrect access control in Jantent version 1.1 allows attackers to bypass authentication and access sensitive APIs without a token. Recommendations: At the moment, there is no information about a newer versio...
PT-2025-34156 · Radar · Radar
Name of the Vulnerable Software and Affected Versions: radar version 1.0.8 Description: Incorrect access control in radar version 1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token. The issue enables unauthorized access to sensitive API endpoints...
CVE-2024-57157
Summary (CVE-2024-57157): Jantent v1.1 has an incorrect access control flaw that allows unauthenticated access to sensitive APIs. Affected component is the application’s authentication/authorization logic; root cause is improper access checks, enabling a network-based bypass without a token. CVSS...
CVE-2024-57155
The CVE CVE-2024-57155 affects Radar v1.0.8 and is caused by improper access control that lets unauthenticated users bypass authentication to reach sensitive API endpoints. This is described across multiple sources (NVD/Red Hat/CIRCL entries referencing radar 1.0.8). Impact: high confidentiality,...
Nextcloud: Calendar app allowed booking appointments without the generated token
The calendar app was found to allow booking appointments without the necessary generated token, which could have led to unauthorized access...
PT-2024-29656
Name of the Vulnerable Software and Affected Versions: biscuit-rust, affected versions not specified. Description: The issue concerns biscuit-rust, the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. A third-party block request forged by a...
GitLab authorization vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. Gitlab All versions from 12.6 to 14.8.6, all versions from 14.9 to 14.9.4, and...