Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Tag: auth-bypass Clear
ID Title
CVE-2026-48618 Vulnerability in nodejs (CVE-2026-48618)
vulnerability in nodejs (CVE-2026-48618). Confidential information can be exposed externally.
CVE-2026-12417 Vulnerability in wordpress (CVE-2026-12417)
vulnerability in wordpress (CVE-2026-12417). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_pravel_change_password``.
CVE-2026-10561 Code Injection in langflow (CVE-2026-10561)
code injection in langflow (CVE-2026-10561). Successful exploitation can lead to full system takeover.
CVE-2026-56346 Vulnerability in CVE-2026-56346 (CVE-2026-56346)
vulnerability in CVE-2026-56346 (CVE-2026-56346). Risk of unauthorized operations or information disclosure.
CVE-2019-25763 Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
CVE-2026-55706 Vulnerability in c (CVE-2026-55706)
vulnerability in c (CVE-2026-55706). Risk of unauthorized operations or information disclosure.
CVE-2026-54281 Authorization Flaw in @nestjs/platform-fastify (CVE-2026-54281)
vulnerability in @nestjs/platform-fastify (CVE-2026-54281). Risk of unauthorized operations or information disclosure. Exploitable via `GET /resource`. Mitigation: upgrade to `11.1.24` or later.
CVE-2026-49952 Vulnerability in CVE-2026-49952 (CVE-2026-49952)
vulnerability in CVE-2026-49952 (CVE-2026-49952). Confidential information can be exposed externally.
CVE-2026-49062 Vulnerability in CVE-2026-49062 (CVE-2026-49062)
vulnerability in CVE-2026-49062 (CVE-2026-49062). Successful exploitation can lead to full system takeover.
CVE-2026-5415 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-42083 Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
CVE-2026-38930 SQL Injection in CVE-2026-38930 (CVE-2026-38930)
SQL injection in CVE-2026-38930 (CVE-2026-38930). Risk of unauthorized operations or information disclosure.
CVE-2026-42745 Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
CVE-2026-42735 Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
CVE-2026-46366 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
CVE-2026-44699 Vulnerability in c (CVE-2026-44699)
vulnerability in c (CVE-2026-44699). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.3` or later.
CVE-2026-8321 A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
CVE-2026-45223 Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2013-10075 Vulnerability in apache (CVE-2013-10075)
vulnerability in apache (CVE-2013-10075). Confidential information can be exposed externally.
CVE-2025-69690 Unsafe Deserialization in deserialization (CVE-2025-69690)
vulnerability in deserialization (CVE-2025-69690). Successful exploitation can lead to full system takeover.
CVE-2024-51092 OS Command Injection in command-injection (CVE-2024-51092)
OS command injection in command-injection (CVE-2024-51092). Confidential information can be exposed externally. Exploitable via ``version_netsnmp``.
CVE-2026-41500 Command Injection in electerm-project (CVE-2026-41500)
command injection in electerm-project (CVE-2026-41500). Successful exploitation can lead to full system takeover. Exploitable via ``releaseInfo.name``. Mitigation: upgrade to `> 3.2.0` or later.
CVE-2026-41501 Command Injection in electerm (CVE-2026-41501)
command injection in electerm (CVE-2026-41501). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `> 3.2.0` or later.
CVE-2026-41902 Vulnerability in laravel (CVE-2026-41902)
vulnerability in laravel (CVE-2026-41902). Confidential information can be exposed externally. Exploitable via `Referer header`.
CVE-2025-63704 Vulnerability in prototype-pollution (CVE-2025-63704)
vulnerability in prototype-pollution (CVE-2025-63704). Successful exploitation can lead to full system takeover.
CVE-2026-35579 Authentication Bypass in github.com/coredns/coredns (CVE-2026-35579)
authentication bypass in github.com/coredns/coredns (CVE-2026-35579). Successful exploitation can lead to full system takeover. Exploitable via ``tsigStatus``. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-33190 Authentication Bypass in github.com/coredns/coredns (CVE-2026-33190)
authentication bypass in github.com/coredns/coredns (CVE-2026-33190). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-42087 SQL Injection in sqli (CVE-2026-42087)
SQL injection in sqli (CVE-2026-42087). Confidential information can be exposed externally. Exploitable via ``tsdb_lookup``.
CVE-2026-41940 KEV [KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-34072 Authentication Bypass in fccview (CVE-2026-34072)
authentication bypass in fccview (CVE-2026-34072). Confidential information can be exposed externally.
CVE-2025-6967 Vulnerability in CVE-2025-6967 (CVE-2025-6967)
vulnerability in CVE-2025-6967 (CVE-2025-6967). Confidential information can be exposed externally.
CVE-2024-55591 KEV [KEV] Vulnerability in Fortinet fortios-and-fortiproxy (CVE-2024-55591)
vulnerability in Fortinet fortios-and-fortiproxy (CVE-2024-55591). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2022-30034 Authentication Bypass in flower (CVE-2022-30034)
authentication bypass in flower (CVE-2022-30034). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.0` or later.
CVE-2018-16988 Vulnerability in buffalo (CVE-2018-16988)
vulnerability in buffalo (CVE-2018-16988). Successful exploitation can lead to full system takeover.
CVE-2017-17777 Authentication Bypass in paid-to-read-script-project (CVE-2017-17777)
authentication bypass in paid-to-read-script-project (CVE-2017-17777). Successful exploitation can lead to full system takeover.
CVE-2017-15974 tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CVE-2017-14766 Authentication Bypass in wordpress (CVE-2017-14766)
authentication bypass in wordpress (CVE-2017-14766). Data can be tampered with by attackers.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →