Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-287 Clear
ID Title
CVE-2026-9695 Authentication Bypass in CVE-2026-9695 (CVE-2026-9695)
authentication bypass in CVE-2026-9695 (CVE-2026-9695). Successful exploitation can lead to full system takeover.
CVE-2026-53483 Authentication Bypass in CVE-2026-53483 (CVE-2026-53483)
authentication bypass in CVE-2026-53483 (CVE-2026-53483). Successful exploitation can lead to full system takeover.
CVE-2026-40139 Authentication Bypass in beyondtrust (CVE-2026-40139)
authentication bypass in beyondtrust (CVE-2026-40139). Successful exploitation can lead to full system takeover.
CVE-2026-53913 Authentication Bypass in apache (CVE-2026-53913)
authentication bypass in apache (CVE-2026-53913). Successful exploitation can lead to full system takeover.
CVE-2026-52830 Path Traversal in fast-mcp-telegram (CVE-2026-52830)
path traversal in fast-mcp-telegram (CVE-2026-52830). Confidential information can be exposed externally. Exploitable via ``telegram``. Mitigation: upgrade to `0.19.1` or later.
CVE-2026-11387 Authentication Bypass in wordpress (CVE-2026-11387)
authentication bypass in wordpress (CVE-2026-11387). Successful exploitation can lead to full system takeover.
CVE-2026-49869 OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-54089 Authentication Bypass in CVE-2026-54089 (CVE-2026-54089)
authentication bypass in CVE-2026-54089 (CVE-2026-54089). Confidential information can be exposed externally.
CVE-2026-56237 Authentication Bypass in CVE-2026-56237 (CVE-2026-56237)
authentication bypass in CVE-2026-56237 (CVE-2026-56237). Confidential information can be exposed externally.
CVE-2026-11374 Authentication Bypass in CVE-2026-11374 (CVE-2026-11374)
authentication bypass in CVE-2026-11374 (CVE-2026-11374). Successful exploitation can lead to full system takeover.
CVE-2026-7664 Authentication Bypass in langflow (CVE-2026-7664)
authentication bypass in langflow (CVE-2026-7664). Successful exploitation can lead to full system takeover.
CVE-2026-45480 Authentication Bypass in microsoft (CVE-2026-45480)
authentication bypass in microsoft (CVE-2026-45480). Successful exploitation can lead to full system takeover.
CVE-2026-49454 Authentication Bypass in relyra (CVE-2026-49454)
authentication bypass in relyra (CVE-2026-49454). Confidential information can be exposed externally. Exploitable via ``SignatureValue``. Mitigation: upgrade to `1.2.0` or later.
CVE-2026-46919 Vulnerability in c (CVE-2026-46919)
vulnerability in c (CVE-2026-46919). Successful exploitation can lead to full system takeover.
CVE-2026-46890 Vulnerability in c (CVE-2026-46890)
vulnerability in c (CVE-2026-46890). Successful exploitation can lead to full system takeover.
CVE-2026-46859 Authentication Bypass in c (CVE-2026-46859)
authentication bypass in c (CVE-2026-46859). Successful exploitation can lead to full system takeover.
CVE-2026-48114 SQL Injection in sqli (CVE-2026-48114)
SQL injection in sqli (CVE-2026-48114). Successful exploitation can lead to full system takeover.
CVE-2026-12183 Authentication Bypass in CVE-2026-12183 (CVE-2026-12183)
authentication bypass in CVE-2026-12183 (CVE-2026-12183). Successful exploitation can lead to full system takeover.
CVE-2026-48611 Authentication Bypass in CVE-2026-48611 (CVE-2026-48611)
authentication bypass in CVE-2026-48611 (CVE-2026-48611). Successful exploitation can lead to full system takeover.
CVE-2026-36727 Authentication Bypass in CVE-2026-36727 (CVE-2026-36727)
authentication bypass in CVE-2026-36727 (CVE-2026-36727). Confidential information can be exposed externally.
CVE-2026-50751 KEV [KEV] Authentication Bypass in Check point checkpoint (CVE-2026-50751)
authentication bypass in Check point checkpoint (CVE-2026-50751). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2026-46389 Authentication Bypass in defenseunicorns (CVE-2026-46389)
authentication bypass in defenseunicorns (CVE-2026-46389). Successful exploitation can lead to full system takeover. Exploitable via ``client_secret``.
CVE-2026-6274 Authentication Bypass in CVE-2026-6274 (CVE-2026-6274)
authentication bypass in CVE-2026-6274 (CVE-2026-6274). Successful exploitation can lead to full system takeover.
CVE-2026-49191 Authentication Bypass in acer (CVE-2026-49191)
authentication bypass in acer (CVE-2026-49191). Successful exploitation can lead to full system takeover.
CVE-2026-49186 Authentication Bypass in acer (CVE-2026-49186)
authentication bypass in acer (CVE-2026-49186). Successful exploitation can lead to full system takeover.
CVE-2026-49448 Authentication Bypass in authentik (CVE-2026-49448)
authentication bypass in authentik (CVE-2026-49448). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2025.12.6, 2026.2.4, 2026.5.1` or later.
CVE-2026-5076 Authentication Bypass in wordpress (CVE-2026-5076)
authentication bypass in wordpress (CVE-2026-5076). Successful exploitation can lead to full system takeover. Exploitable via ``arm_reset_password_key``.
CVE-2026-10611 Authentication Bypass in misp (CVE-2026-10611)
authentication bypass in misp (CVE-2026-10611). Successful exploitation can lead to full system takeover.
CVE-2026-49197 Authentication Bypass in acer (CVE-2026-49197)
authentication bypass in acer (CVE-2026-49197). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
CVE-2026-3655 Authentication Bypass in wordpress (CVE-2026-3655)
authentication bypass in wordpress (CVE-2026-3655). Successful exploitation can lead to full system takeover. Exploitable via ``lwp_ajax_register``.
CVE-2026-46840 Vulnerability in c (CVE-2026-46840)
vulnerability in c (CVE-2026-46840). Successful exploitation can lead to full system takeover.
CVE-2026-46817 Privilege Escalation in c (CVE-2026-46817)
vulnerability in c (CVE-2026-46817). Successful exploitation can lead to full system takeover.
CVE-2026-7876 IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
CVE-2026-47280 Authentication Bypass in microsoft (CVE-2026-47280)
authentication bypass in microsoft (CVE-2026-47280). Successful exploitation can lead to full system takeover.
CVE-2026-32253 Authentication Bypass in cpp (CVE-2026-32253)
authentication bypass in cpp (CVE-2026-32253). Successful exploitation can lead to full system takeover.
CVE-2026-36829 Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
CVE-2026-45434 Authentication Bypass in apache (CVE-2026-45434)
authentication bypass in apache (CVE-2026-45434). Successful exploitation can lead to full system takeover.
CVE-2026-42822 Authentication Bypass in microsoft (CVE-2026-42822)
authentication bypass in microsoft (CVE-2026-42822). Successful exploitation can lead to full system takeover.
CVE-2026-5229 Authentication Bypass in wordpress (CVE-2026-5229)
authentication bypass in wordpress (CVE-2026-5229). Successful exploitation can lead to full system takeover.
CVE-2026-20182 KEV [KEV] Authentication Bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182)
authentication bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-8181 Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
CVE-2026-44351 Vulnerability in fast-jwt (CVE-2026-44351)
vulnerability in fast-jwt (CVE-2026-44351). Confidential information can be exposed externally. Exploitable via ``Buffer``. Mitigation: upgrade to `6.2.4` or later.
CVE-2026-44547 Authentication Bypass in CVE-2026-44547 (CVE-2026-44547)
authentication bypass in CVE-2026-44547 (CVE-2026-44547). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.1` or later.
CVE-2026-33117 Authentication Bypass in com.azure:azure-security-keyvault-keys (CVE-2026-33117)
authentication bypass in com.azure:azure-security-keyvault-keys (CVE-2026-33117). Confidential information can be exposed externally. Mitigation: upgrade to `4.10.6` or later.
CVE-2026-44196 Authentication Bypass in CVE-2026-44196 (CVE-2026-44196)
authentication bypass in CVE-2026-44196 (CVE-2026-44196). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.3` or later.
CVE-2026-42869 Authentication Bypass in CVE-2026-42869 (CVE-2026-42869)
authentication bypass in CVE-2026-42869 (CVE-2026-42869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.57` or later.
CVE-2026-42560 Authentication Bypass in oauth (CVE-2026-42560)
authentication bypass in oauth (CVE-2026-42560). Confidential information can be exposed externally. Exploitable via ``user.ID``.
CVE-2026-44551 Authentication Bypass in open-webui (CVE-2026-44551)
authentication bypass in open-webui (CVE-2026-44551). Confidential information can be exposed externally. Exploitable via `POST /api/v1/auths/ldap`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-41070 Authentication Bypass in openvpn (CVE-2026-41070)
authentication bypass in openvpn (CVE-2026-41070). Confidential information can be exposed externally. Exploitable via ``plugin``.
CVE-2026-41574 Authentication Bypass in github.com/nhost/nhost (CVE-2026-41574)
authentication bypass in github.com/nhost/nhost (CVE-2026-41574). Successful exploitation can lead to full system takeover. Exploitable via `GET /users/`. Mitigation: upgrade to `0.0.0-20260417112436-ec8dab3f2cf4` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →