Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: auth-bypass Clear
ID Title
CVE-2026-14495 Vulnerability in wordpress (CVE-2026-14495)
vulnerability in wordpress (CVE-2026-14495). Successful exploitation can lead to full system takeover. Exploitable via ``init``.
CVE-2026-37270 Vulnerability in CVE-2026-37270 (CVE-2026-37270)
vulnerability in CVE-2026-37270 (CVE-2026-37270). Risk of unauthorized operations or information disclosure.
CVE-2026-14476 Vulnerability in path-traversal (CVE-2026-14476)
vulnerability in path-traversal (CVE-2026-14476). Successful exploitation can lead to full system takeover.
CVE-2026-5268 Vulnerability in CVE-2026-5268 (CVE-2026-5268)
vulnerability in CVE-2026-5268 (CVE-2026-5268). Confidential information can be exposed externally.
CVE-2026-24013 Vulnerability in apache (CVE-2026-24013)
vulnerability in apache (CVE-2026-24013). Confidential information can be exposed externally.
CVE-2026-58423 Authentication Bypass in CVE-2026-58423 (CVE-2026-58423)
authentication bypass in CVE-2026-58423 (CVE-2026-58423). Confidential information can be exposed externally.
CVE-2026-35159 Vulnerability in CVE-2026-35159 (CVE-2026-35159)
vulnerability in CVE-2026-35159 (CVE-2026-35159). Data can be tampered with by attackers.
CVE-2026-54998 Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
CVE-2026-59092 Vulnerability in dos (CVE-2026-59092)
vulnerability in dos (CVE-2026-59092). Confidential information can be exposed externally.
CVE-2026-13125 GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
CVE-2026-58517 Vulnerability in CVE-2026-58517 (CVE-2026-58517)
vulnerability in CVE-2026-58517 (CVE-2026-58517). Risk of unauthorized operations or information disclosure.
CVE-2026-12579 AS228T with Authentication Bypass Vulnerability
AS228T with Authentication Bypass Vulnerability
CVE-2026-56286 Vulnerability in csrf (CVE-2026-56286)
vulnerability in csrf (CVE-2026-56286). Data can be tampered with by attackers.
CVE-2026-56350 Vulnerability in n8n (CVE-2026-56350)
vulnerability in n8n (CVE-2026-56350). Data can be tampered with by attackers.
CVE-2026-56219 Authentication Bypass in CVE-2026-56219 (CVE-2026-56219)
authentication bypass in CVE-2026-56219 (CVE-2026-56219). Confidential information can be exposed externally.
CVE-2026-13207 Vulnerability in CVE-2026-13207 (CVE-2026-13207)
vulnerability in CVE-2026-13207 (CVE-2026-13207). Confidential information can be exposed externally.
CVE-2026-58169 Vulnerability in CVE-2026-58169 (CVE-2026-58169)
vulnerability in CVE-2026-58169 (CVE-2026-58169). Successful exploitation can lead to full system takeover. Exploitable via `Host header`.
CVE-2026-56782 Vulnerability in CVE-2026-56782 (CVE-2026-56782)
vulnerability in CVE-2026-56782 (CVE-2026-56782). Successful exploitation can lead to full system takeover.
CVE-2026-56780 Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
CVE-2026-58056 RustDesk gates incoming control messages on per-capability flags rather than on the session's...
RustDesk gates incoming control messages on per-capability flags rather than on the session's...
CVE-2026-9242 Vulnerability in wordpress (CVE-2026-9242)
vulnerability in wordpress (CVE-2026-9242). Risk of unauthorized operations or information disclosure. Exploitable via ``callback``.
CVE-2026-48618 Vulnerability in nodejs (CVE-2026-48618)
vulnerability in nodejs (CVE-2026-48618). Confidential information can be exposed externally.
CVE-2025-71327 Vulnerability in flowiseai (CVE-2025-71327)
vulnerability in flowiseai (CVE-2025-71327). Confidential information can be exposed externally.
CVE-2026-56091 Vulnerability in apache (CVE-2026-56091)
vulnerability in apache (CVE-2026-56091). Risk of unauthorized operations or information disclosure.
CVE-2026-9780 Cross-Site Scripting (XSS) in quest (CVE-2026-9780)
cross-site scripting in quest (CVE-2026-9780). Successful exploitation can lead to full system takeover.
CVE-2026-7569 Cross-Site Scripting (XSS) in quest (CVE-2026-7569)
cross-site scripting in quest (CVE-2026-7569). Successful exploitation can lead to full system takeover.
CVE-2026-56262 Vulnerability in kidocode (CVE-2026-56262)
vulnerability in kidocode (CVE-2026-56262). Risk of unauthorized operations or information disclosure.
CVE-2026-12417 Vulnerability in wordpress (CVE-2026-12417)
vulnerability in wordpress (CVE-2026-12417). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_pravel_change_password``.
CVE-2026-35019 Vulnerability in CVE-2026-35019 (CVE-2026-35019)
vulnerability in CVE-2026-35019 (CVE-2026-35019). Successful exploitation can lead to full system takeover.
CVE-2026-10561 Code Injection in langflow (CVE-2026-10561)
code injection in langflow (CVE-2026-10561). Successful exploitation can lead to full system takeover.
CVE-2025-4994 Vulnerability in CVE-2025-4994 (CVE-2025-4994)
vulnerability in CVE-2025-4994 (CVE-2025-4994). Risk of unauthorized operations or information disclosure.
CVE-2026-56299 Vulnerability in dos (CVE-2026-56299)
vulnerability in dos (CVE-2026-56299). Risk of unauthorized operations or information disclosure.
CVE-2026-56265 Vulnerability in kidocode (CVE-2026-56265)
vulnerability in kidocode (CVE-2026-56265). Successful exploitation can lead to full system takeover.
CVE-2026-56346 Vulnerability in CVE-2026-56346 (CVE-2026-56346)
vulnerability in CVE-2026-56346 (CVE-2026-56346). Risk of unauthorized operations or information disclosure.
CVE-2026-56294 Authentication Bypass in CVE-2026-56294 (CVE-2026-56294)
authentication bypass in CVE-2026-56294 (CVE-2026-56294). Confidential information can be exposed externally.
CVE-2020-37255 Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
CVE-2019-25763 Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
CVE-2026-56073 Vulnerability in CVE-2026-56073 (CVE-2026-56073)
vulnerability in CVE-2026-56073 (CVE-2026-56073). Confidential information can be exposed externally.
CVE-2026-49230 Vulnerability in apache (CVE-2026-49230)
vulnerability in apache (CVE-2026-49230). Confidential information can be exposed externally.
CVE-2026-49231 Vulnerability in apache (CVE-2026-49231)
vulnerability in apache (CVE-2026-49231). Risk of unauthorized operations or information disclosure.
CVE-2026-47341 Vulnerability in apache (CVE-2026-47341)
vulnerability in apache (CVE-2026-47341). Risk of unauthorized operations or information disclosure.
CVE-2026-39999 Vulnerability in apache (CVE-2026-39999)
vulnerability in apache (CVE-2026-39999). Confidential information can be exposed externally.
CVE-2026-50242 Vulnerability in jetbrains (CVE-2026-50242)
vulnerability in jetbrains (CVE-2026-50242). Successful exploitation can lead to full system takeover.
CVE-2026-58399 Authentication Bypass in @acastellon/auth (CVE-2026-58399)
authentication bypass in @acastellon/auth (CVE-2026-58399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /protected`. Mitigation: upgrade to `2.3.0` or later.
CVE-2026-11718 Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
CVE-2026-11717 Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
CVE-2026-55196 Vulnerability in CVE-2026-55196 (CVE-2026-55196)
vulnerability in CVE-2026-55196 (CVE-2026-55196). Confidential information can be exposed externally. Exploitable via `POST /api/auth/passkey/register/options`.
CVE-2026-54817 Vulnerability in CVE-2026-54817 (CVE-2026-54817)
vulnerability in CVE-2026-54817 (CVE-2026-54817). Risk of unauthorized operations or information disclosure.
CVE-2026-55706 Vulnerability in c (CVE-2026-55706)
vulnerability in c (CVE-2026-55706). Risk of unauthorized operations or information disclosure.
CVE-2026-53843 OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →