Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Tag: auth-bypass Clear
ID Title
CVE-2026-14476 Vulnerability in path-traversal (CVE-2026-14476)
vulnerability in path-traversal (CVE-2026-14476). Successful exploitation can lead to full system takeover.
CVE-2026-5268 Vulnerability in CVE-2026-5268 (CVE-2026-5268)
vulnerability in CVE-2026-5268 (CVE-2026-5268). Confidential information can be exposed externally.
CVE-2026-24013 Vulnerability in apache (CVE-2026-24013)
vulnerability in apache (CVE-2026-24013). Confidential information can be exposed externally.
CVE-2026-58423 Authentication Bypass in CVE-2026-58423 (CVE-2026-58423)
authentication bypass in CVE-2026-58423 (CVE-2026-58423). Confidential information can be exposed externally.
CVE-2026-35159 Vulnerability in CVE-2026-35159 (CVE-2026-35159)
vulnerability in CVE-2026-35159 (CVE-2026-35159). Data can be tampered with by attackers.
CVE-2026-54998 Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
CVE-2026-13125 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-58517 Vulnerability in CVE-2026-58517 (CVE-2026-58517)
vulnerability in CVE-2026-58517 (CVE-2026-58517). Risk of unauthorized operations or information disclosure.
CVE-2026-12579 AS228T with Authentication Bypass Vulnerability
AS228T with Authentication Bypass Vulnerability
CVE-2026-56286 Vulnerability in csrf (CVE-2026-56286)
vulnerability in csrf (CVE-2026-56286). Data can be tampered with by attackers.
CVE-2026-56350 Vulnerability in n8n (CVE-2026-56350)
vulnerability in n8n (CVE-2026-56350). Data can be tampered with by attackers.
CVE-2026-56219 Authentication Bypass in CVE-2026-56219 (CVE-2026-56219)
authentication bypass in CVE-2026-56219 (CVE-2026-56219). Confidential information can be exposed externally.
CVE-2026-13207 Vulnerability in CVE-2026-13207 (CVE-2026-13207)
vulnerability in CVE-2026-13207 (CVE-2026-13207). Confidential information can be exposed externally.
CVE-2026-56782 Vulnerability in CVE-2026-56782 (CVE-2026-56782)
vulnerability in CVE-2026-56782 (CVE-2026-56782). Successful exploitation can lead to full system takeover.
CVE-2026-58056 RustDesk gates incoming control messages on per-capability flags rather than on the session's...
RustDesk gates incoming control messages on per-capability flags rather than on the session's...
CVE-2025-71327 Vulnerability in flowiseai (CVE-2025-71327)
vulnerability in flowiseai (CVE-2025-71327). Confidential information can be exposed externally.
CVE-2026-9780 Cross-Site Scripting (XSS) in quest (CVE-2026-9780)
cross-site scripting in quest (CVE-2026-9780). Successful exploitation can lead to full system takeover.
CVE-2026-7569 Cross-Site Scripting (XSS) in quest (CVE-2026-7569)
cross-site scripting in quest (CVE-2026-7569). Successful exploitation can lead to full system takeover.
CVE-2026-56262 Vulnerability in kidocode (CVE-2026-56262)
vulnerability in kidocode (CVE-2026-56262). Risk of unauthorized operations or information disclosure.
CVE-2026-35019 Vulnerability in CVE-2026-35019 (CVE-2026-35019)
vulnerability in CVE-2026-35019 (CVE-2026-35019). Successful exploitation can lead to full system takeover.
CVE-2026-10561 Code Injection in langflow (CVE-2026-10561)
code injection in langflow (CVE-2026-10561). Successful exploitation can lead to full system takeover.
CVE-2025-4994 Vulnerability in CVE-2025-4994 (CVE-2025-4994)
vulnerability in CVE-2025-4994 (CVE-2025-4994). Risk of unauthorized operations or information disclosure.
CVE-2026-56299 Vulnerability in dos (CVE-2026-56299)
vulnerability in dos (CVE-2026-56299). Risk of unauthorized operations or information disclosure.
CVE-2026-56265 Vulnerability in kidocode (CVE-2026-56265)
vulnerability in kidocode (CVE-2026-56265). Successful exploitation can lead to full system takeover.
CVE-2026-56346 Vulnerability in CVE-2026-56346 (CVE-2026-56346)
vulnerability in CVE-2026-56346 (CVE-2026-56346). Risk of unauthorized operations or information disclosure.
CVE-2026-56294 Authentication Bypass in CVE-2026-56294 (CVE-2026-56294)
authentication bypass in CVE-2026-56294 (CVE-2026-56294). Confidential information can be exposed externally.
CVE-2020-37255 Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
CVE-2019-25763 Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
CVE-2026-49231 Vulnerability in apache (CVE-2026-49231)
vulnerability in apache (CVE-2026-49231). Risk of unauthorized operations or information disclosure.
CVE-2026-39999 Vulnerability in apache (CVE-2026-39999)
vulnerability in apache (CVE-2026-39999). Confidential information can be exposed externally.
CVE-2026-47341 Vulnerability in apache (CVE-2026-47341)
vulnerability in apache (CVE-2026-47341). Risk of unauthorized operations or information disclosure.
CVE-2026-50242 Vulnerability in jetbrains (CVE-2026-50242)
vulnerability in jetbrains (CVE-2026-50242). Successful exploitation can lead to full system takeover.
CVE-2026-58399 Authentication Bypass in @acastellon/auth (CVE-2026-58399)
authentication bypass in @acastellon/auth (CVE-2026-58399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /protected`. Mitigation: upgrade to `2.3.0` or later.
CVE-2026-11718 Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
CVE-2026-11717 Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
CVE-2026-55196 Vulnerability in CVE-2026-55196 (CVE-2026-55196)
vulnerability in CVE-2026-55196 (CVE-2026-55196). Confidential information can be exposed externally. Exploitable via `POST /api/auth/passkey/register/options`.
CVE-2026-54817 Vulnerability in CVE-2026-54817 (CVE-2026-54817)
vulnerability in CVE-2026-54817 (CVE-2026-54817). Risk of unauthorized operations or information disclosure.
CVE-2026-48746 Vulnerability in vllm (CVE-2026-48746)
vulnerability in vllm (CVE-2026-48746). Confidential information can be exposed externally. Exploitable via ``AuthenticationMiddleware``. Mitigation: upgrade to `0.22.0` or later.
CVE-2025-13036 Vulnerability in cisa (CVE-2025-13036)
vulnerability in cisa (CVE-2025-13036). Risk of unauthorized operations or information disclosure.
CVE-2026-12225 Vulnerability in CVE-2026-12225 (CVE-2026-12225)
vulnerability in CVE-2026-12225 (CVE-2026-12225). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
CVE-2026-54281 Authorization Flaw in @nestjs/platform-fastify (CVE-2026-54281)
vulnerability in @nestjs/platform-fastify (CVE-2026-54281). Risk of unauthorized operations or information disclosure. Exploitable via `GET /resource`. Mitigation: upgrade to `11.1.24` or later.
CVE-2026-36537 Vulnerability in CVE-2026-36537 (CVE-2026-36537)
vulnerability in CVE-2026-36537 (CVE-2026-36537). Successful exploitation can lead to full system takeover.
CVE-2026-49062 Vulnerability in CVE-2026-49062 (CVE-2026-49062)
vulnerability in CVE-2026-49062 (CVE-2026-49062). Successful exploitation can lead to full system takeover.
CVE-2026-49757 Vulnerability in ash_authentication (CVE-2026-49757)
vulnerability in ash_authentication (CVE-2026-49757). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.14.0, 5.0.0-rc.10` or later.
CVE-2026-11443 Cross-Site Scripting (XSS) in CVE-2026-11443 (CVE-2026-11443)
cross-site scripting in CVE-2026-11443 (CVE-2026-11443). Risk of unauthorized operations or information disclosure.
CVE-2026-48558 KEV [KEV] Vulnerability in Simplehelp simple-help (CVE-2026-48558)
vulnerability in Simplehelp simple-help (CVE-2026-48558). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-5792 Vulnerability in CVE-2026-5792 (CVE-2026-5792)
vulnerability in CVE-2026-5792 (CVE-2026-5792). Risk of unauthorized operations or information disclosure.
CVE-2026-50623 Authentication Bypass in apache (CVE-2026-50623)
authentication bypass in apache (CVE-2026-50623). Risk of unauthorized operations or information disclosure.
CVE-2025-7064 Vulnerability in CVE-2025-7064 (CVE-2025-7064)
vulnerability in CVE-2025-7064 (CVE-2025-7064). Data can be tampered with by attackers.
CVE-2026-10795 Vulnerability in wordpress (CVE-2026-10795)
vulnerability in wordpress (CVE-2026-10795). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →