Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: auth-bypass Clear
ID Title
CVE-2025-13777 Vulnerability in cisa (CVE-2025-13777)
vulnerability in cisa (CVE-2025-13777). Confidential information can be exposed externally.
CVE-2026-8198 Information Disclosure in wordpress (CVE-2026-8198)
vulnerability in wordpress (CVE-2026-8198). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2026-42354 Vulnerability in sso (CVE-2026-42354)
vulnerability in sso (CVE-2026-42354). Confidential information can be exposed externally. Exploitable via ``Moved``.
CVE-2026-44671 Vulnerability in github.com/zitadel/zitadel (CVE-2026-44671)
vulnerability in github.com/zitadel/zitadel (CVE-2026-44671). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.10` or later.
CVE-2026-41070 Authentication Bypass in openvpn (CVE-2026-41070)
authentication bypass in openvpn (CVE-2026-41070). Confidential information can be exposed externally. Exploitable via ``plugin``.
CVE-2026-25199 Information Disclosure in apache (CVE-2026-25199)
vulnerability in apache (CVE-2026-25199). Confidential information can be exposed externally.
CVE-2026-8153 OS Command Injection in iot-embedded (CVE-2026-8153)
OS command injection in iot-embedded (CVE-2026-8153). Successful exploitation can lead to full system takeover.
CVE-2013-10075 Vulnerability in apache (CVE-2013-10075)
vulnerability in apache (CVE-2013-10075). Confidential information can be exposed externally.
CVE-2025-69690 Unsafe Deserialization in deserialization (CVE-2025-69690)
vulnerability in deserialization (CVE-2025-69690). Successful exploitation can lead to full system takeover.
CVE-2023-46453 SQL Injection in network-device (CVE-2023-46453)
SQL injection in network-device (CVE-2023-46453). Successful exploitation can lead to full system takeover.
CVE-2024-51092 OS Command Injection in command-injection (CVE-2024-51092)
OS command injection in command-injection (CVE-2024-51092). Confidential information can be exposed externally. Exploitable via ``version_netsnmp``.
CVE-2026-41500 Command Injection in electerm-project (CVE-2026-41500)
command injection in electerm-project (CVE-2026-41500). Successful exploitation can lead to full system takeover. Exploitable via ``releaseInfo.name``. Mitigation: upgrade to `> 3.2.0` or later.
CVE-2026-41501 Command Injection in electerm (CVE-2026-41501)
command injection in electerm (CVE-2026-41501). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `> 3.2.0` or later.
CVE-2026-6736 Vulnerability in github (CVE-2026-6736)
vulnerability in github (CVE-2026-6736). Risk of unauthorized operations or information disclosure.
CVE-2026-33823 Vulnerability in microsoft (CVE-2026-33823)
vulnerability in microsoft (CVE-2026-33823). Confidential information can be exposed externally.
CVE-2026-41902 Vulnerability in laravel (CVE-2026-41902)
vulnerability in laravel (CVE-2026-41902). Confidential information can be exposed externally. Exploitable via `Referer header`.
CVE-2025-63704 Vulnerability in prototype-pollution (CVE-2025-63704)
vulnerability in prototype-pollution (CVE-2025-63704). Successful exploitation can lead to full system takeover.
CVE-2026-42010 Vulnerability in gnu (CVE-2026-42010)
vulnerability in gnu (CVE-2026-42010). Confidential information can be exposed externally.
CVE-2026-43198 Vulnerability in linux (CVE-2026-43198)
vulnerability in linux (CVE-2026-43198). Successful exploitation can lead to full system takeover.
CVE-2026-43117 Vulnerability in linux (CVE-2026-43117)
vulnerability in linux (CVE-2026-43117). Confidential information can be exposed externally.
CVE-2026-35579 Authentication Bypass in github.com/coredns/coredns (CVE-2026-35579)
authentication bypass in github.com/coredns/coredns (CVE-2026-35579). Successful exploitation can lead to full system takeover. Exploitable via ``tsigStatus``. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-33190 Authentication Bypass in github.com/coredns/coredns (CVE-2026-33190)
authentication bypass in github.com/coredns/coredns (CVE-2026-33190). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-38431 Code Injection in frappe (CVE-2026-38431)
code injection in frappe (CVE-2026-38431). Successful exploitation can lead to full system takeover.
CVE-2026-42087 SQL Injection in sqli (CVE-2026-42087)
SQL injection in sqli (CVE-2026-42087). Confidential information can be exposed externally. Exploitable via ``tsdb_lookup``.
CVE-2026-32834 Vulnerability in wordpress (CVE-2026-32834)
vulnerability in wordpress (CVE-2026-32834). Confidential information can be exposed externally.
CVE-2026-31773 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smp_random() currently lab...
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smp_random() currently labels the stored STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH. That reflects wh...
CVE-2026-31431 KEV [KEV] Vulnerability in Linux redhat (CVE-2026-31431)
vulnerability in Linux redhat (CVE-2026-31431). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-35051 Vulnerability in traefik (CVE-2026-35051)
vulnerability in traefik (CVE-2026-35051). Confidential information can be exposed externally.
CVE-2026-39858 Vulnerability in traefik (CVE-2026-39858)
vulnerability in traefik (CVE-2026-39858). Confidential information can be exposed externally.
CVE-2026-40912 Vulnerability in traefik (CVE-2026-40912)
vulnerability in traefik (CVE-2026-40912). Confidential information can be exposed externally.
CVE-2026-41940 KEV [KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-5140 Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
CVE-2026-38651 Vulnerability in netmaker (CVE-2026-38651)
vulnerability in netmaker (CVE-2026-38651). Confidential information can be exposed externally.
CVE-2024-57726 KEV [KEV] Vulnerability in Simplehelp auth (CVE-2024-57726)
vulnerability in Simplehelp auth (CVE-2024-57726). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-6886 Vulnerability in CVE-2026-6886 (CVE-2026-6886)
vulnerability in CVE-2026-6886 (CVE-2026-6886). Successful exploitation can lead to full system takeover.
CVE-2025-2749 KEV [KEV] Path Traversal in Kentico path-traversal (CVE-2025-2749)
path traversal in Kentico path-traversal (CVE-2025-2749). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-27351 KEV [KEV] Authentication Bypass in Papercut ngmf (CVE-2023-27351)
authentication bypass in Papercut ngmf (CVE-2023-27351). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-20128 KEV [KEV] Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-32975 KEV [KEV] Authentication Bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975)
authentication bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-34197 KEV [KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2012-1854 KEV [KEV] Vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854)
vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-39976 Authentication Bypass in laravel (CVE-2026-39976)
authentication bypass in laravel (CVE-2026-39976). Confidential information can be exposed externally. Mitigation: upgrade to `13.7.1` or later.
CVE-2026-0545 Vulnerability in dos (CVE-2026-0545)
vulnerability in dos (CVE-2026-0545). Successful exploitation can lead to full system takeover.
CVE-2026-34072 Authentication Bypass in fccview (CVE-2026-34072)
authentication bypass in fccview (CVE-2026-34072). Confidential information can be exposed externally.
CVE-2025-14716 Authentication Bypass in CVE-2025-14716 (CVE-2025-14716)
authentication bypass in CVE-2025-14716 (CVE-2025-14716). Confidential information can be exposed externally.
CVE-2026-32841 Vulnerability in edimax (CVE-2026-32841)
vulnerability in edimax (CVE-2026-32841). Successful exploitation can lead to full system takeover.
CVE-2026-2624 Vulnerability in epati (CVE-2026-2624)
vulnerability in epati (CVE-2026-2624). Successful exploitation can lead to full system takeover.
CVE-2026-2635 Vulnerability in CVE-2026-2635 (CVE-2026-2635)
vulnerability in CVE-2026-2635 (CVE-2026-2635). Risk of unauthorized operations or information disclosure.
CVE-2025-8350 Vulnerability in CVE-2025-8350 (CVE-2025-8350)
vulnerability in CVE-2025-8350 (CVE-2025-8350). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →