Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: auth-bypass Clear
ID Title
CVE-2026-42753 Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
CVE-2026-42749 Vulnerability in CVE-2026-42749 (CVE-2026-42749)
vulnerability in CVE-2026-42749 (CVE-2026-42749). Risk of unauthorized operations or information disclosure.
CVE-2026-42745 Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
CVE-2026-42735 Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
CVE-2026-8994 Authentication Bypass in wordpress (CVE-2026-8994)
authentication bypass in wordpress (CVE-2026-8994). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv``.
CVE-2026-8760 Vulnerability in wordpress (CVE-2026-8760)
vulnerability in wordpress (CVE-2026-8760). Successful exploitation can lead to full system takeover.
CVE-2026-42013 A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name ...
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name ...
CVE-2026-8890 Vulnerability in CVE-2026-8890 (CVE-2026-8890)
vulnerability in CVE-2026-8890 (CVE-2026-8890). Confidential information can be exposed externally.
CVE-2026-45217 Vulnerability in CVE-2026-45217 (CVE-2026-45217)
vulnerability in CVE-2026-45217 (CVE-2026-45217). Risk of unauthorized operations or information disclosure.
CVE-2018-25361 Vulnerability in CVE-2018-25361 (CVE-2018-25361)
vulnerability in CVE-2018-25361 (CVE-2018-25361). Confidential information can be exposed externally.
CVE-2026-9058 Vulnerability in CVE-2026-9058 (CVE-2026-9058)
vulnerability in CVE-2026-9058 (CVE-2026-9058). Risk of unauthorized operations or information disclosure.
CVE-2026-9398 Authentication Bypass in CVE-2026-9398 (CVE-2026-9398)
authentication bypass in CVE-2026-9398 (CVE-2026-9398). Risk of unauthorized operations or information disclosure.
CVE-2026-33843 Vulnerability in microsoft (CVE-2026-33843)
vulnerability in microsoft (CVE-2026-33843). Confidential information can be exposed externally.
CVE-2026-41076 Authentication Bypass in CVE-2026-41076 (CVE-2026-41076)
authentication bypass in CVE-2026-41076 (CVE-2026-41076). Successful exploitation can lead to full system takeover.
CVE-2025-13477 Vulnerability in CVE-2025-13477 (CVE-2025-13477)
vulnerability in CVE-2025-13477 (CVE-2025-13477). Confidential information can be exposed externally.
CVE-2026-44058 Authentication Bypass in CVE-2026-44058 (CVE-2026-44058)
authentication bypass in CVE-2026-44058 (CVE-2026-44058). Successful exploitation can lead to full system takeover.
CVE-2026-40165 Vulnerability in authentik (CVE-2026-40165)
vulnerability in authentik (CVE-2026-40165). Confidential information can be exposed externally. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
CVE-2026-9141 Vulnerability in CVE-2026-9141 (CVE-2026-9141)
vulnerability in CVE-2026-9141 (CVE-2026-9141). Successful exploitation can lead to full system takeover.
CVE-2026-39310 Vulnerability in csrf (CVE-2026-39310)
vulnerability in csrf (CVE-2026-39310). Data can be tampered with by attackers.
CVE-2026-35675 Vulnerability in thorsten/phpmyfaq (CVE-2026-35675)
vulnerability in thorsten/phpmyfaq (CVE-2026-35675). Data can be tampered with by attackers. Mitigation: upgrade to `4.1.3` or later.
CVE-2026-35672 Vulnerability in thorsten/phpmyfaq (CVE-2026-35672)
vulnerability in thorsten/phpmyfaq (CVE-2026-35672). Data can be tampered with by attackers. Exploitable via `POST /api/v4.0/faq/create`. Mitigation: upgrade to `4.1.3` or later.
CVE-2026-24206 Vulnerability in dos (CVE-2026-24206)
vulnerability in dos (CVE-2026-24206). Risk of unauthorized operations or information disclosure.
CVE-2026-24207 Vulnerability in dos (CVE-2026-24207)
vulnerability in dos (CVE-2026-24207). Successful exploitation can lead to full system takeover.
CVE-2026-36829 Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
CVE-2026-30950 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijack...
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, t...
CVE-2026-46366 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
CVE-2026-44699 Vulnerability in c (CVE-2026-44699)
vulnerability in c (CVE-2026-44699). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.3` or later.
CVE-2026-5229 Authentication Bypass in wordpress (CVE-2026-5229)
authentication bypass in wordpress (CVE-2026-5229). Successful exploitation can lead to full system takeover.
CVE-2026-2652 Vulnerability in mlflow (CVE-2026-2652)
vulnerability in mlflow (CVE-2026-2652). Data can be tampered with by attackers. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-45248 Vulnerability in hedera (CVE-2026-45248)
vulnerability in hedera (CVE-2026-45248). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/demo/registered-users`.
CVE-2026-8621 Authentication Bypass in github.com/openclaw/crabbox (CVE-2026-8621)
authentication bypass in github.com/openclaw/crabbox (CVE-2026-8621). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.12.0` or later.
CVE-2026-26062 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062). Risk of unauthorized operations or information disclosure. Exploitable via ``PublishLogs``. Mitigation: upgrade to `4.81.0` or later.
CVE-2026-24000 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.80.1` or later.
CVE-2026-6510 Vulnerability in wordpress (CVE-2026-6510)
vulnerability in wordpress (CVE-2026-6510). Successful exploitation can lead to full system takeover.
CVE-2026-8181 Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
CVE-2026-42602 Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602)
vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602). Data can be tampered with by attackers. Exploitable via `POST /v1/traces`.
CVE-2026-0257 KEV [KEV] Vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257)
vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2026-0265 Vulnerability in CVE-2026-0265 (CVE-2026-0265)
vulnerability in CVE-2026-0265 (CVE-2026-0265). Risk of unauthorized operations or information disclosure.
CVE-2020-37220 Vulnerability in CVE-2020-37220 (CVE-2020-37220)
vulnerability in CVE-2020-37220 (CVE-2020-37220). Confidential information can be exposed externally.
CVE-2026-42889 Vulnerability in CVE-2026-42889 (CVE-2026-42889)
vulnerability in CVE-2026-42889 (CVE-2026-42889). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.7` or later.
CVE-2026-35422 Vulnerability in microsoft (CVE-2026-35422)
vulnerability in microsoft (CVE-2026-35422). Data can be tampered with by attackers.
CVE-2026-44196 Authentication Bypass in CVE-2026-44196 (CVE-2026-44196)
authentication bypass in CVE-2026-44196 (CVE-2026-44196). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.3` or later.
CVE-2026-43512 Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-30805 Vulnerability in artica (CVE-2026-30805)
vulnerability in artica (CVE-2026-30805). Confidential information can be exposed externally.
CVE-2026-8321 A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
CVE-2026-42882 Path Traversal in github.com/oxyno-zeta/s3-proxy (CVE-2026-42882)
path traversal in github.com/oxyno-zeta/s3-proxy (CVE-2026-42882). Confidential information can be exposed externally. Exploitable via `PUT /upload/foo/drafts/../restricted/`. Mitigation: upgrade to `0.0.0-20260424211602-1320e4abd46a` or later.
CVE-2026-45223 Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
CVE-2026-44994 Vulnerability in openclaw (CVE-2026-44994)
vulnerability in openclaw (CVE-2026-44994). Risk of unauthorized operations or information disclosure.
CVE-2025-43992 Vulnerability in dell (CVE-2025-43992)
vulnerability in dell (CVE-2025-43992). Risk of unauthorized operations or information disclosure.
CVE-2025-65856 Vulnerability in cisa (CVE-2025-65856)
vulnerability in cisa (CVE-2025-65856). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →