Export limit exceeded: 18656 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (543 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45109 | 1 Vercel | 1 Next.js | 2026-05-13 | 7.5 High |
| Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6. | ||||
| CVE-2026-44575 | 1 Vercel | 1 Next.js | 2026-05-13 | 7.5 High |
| Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the same page without being matched by the intended middleware rule, which can allow protected content to be reached without the expected authorization check. This vulnerability is fixed in 15.5.16 and 16.2.5. | ||||
| CVE-2026-44574 | 1 Vercel | 1 Next.js | 2026-05-13 | 8.1 High |
| Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected content to be rendered without passing the expected middleware check. This vulnerability is fixed in 15.5.16 and 16.2.5. | ||||
| CVE-2026-40621 | 2026-05-13 | N/A | ||
| ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. | ||||
| CVE-2026-42300 | 1 L3montree-dev | 1 Devguard | 2026-05-13 | N/A |
| DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated attacker who knows or can guess a target user's Kratos identity UUID can issue requests as that user. Where the target user is an organisation admin or owner, this gives the attacker full control over that organisation's DevGuard resources. This vulnerability is fixed in 1.2.2. | ||||
| CVE-2026-35422 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-05-13 | 6.5 Medium |
| Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-42303 | 1 Ethyca | 1 Fides | 2026-05-12 | N/A |
| Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletion of a data subject's records across every integration configured in the affected deployment. This vulnerability is fixed in 2.83.2. | ||||
| CVE-2026-24858 | 2 Fortinet, Siemens | 7 Fortianalyzer, Fortimanager, Fortios and 4 more | 2026-05-12 | 9.4 Critical |
| An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. | ||||
| CVE-2026-8321 | 1 Inkeep | 1 Agents | 2026-05-12 | 7.3 High |
| A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-41308 | 1 Pglombardo | 1 Password Pusher | 2026-05-11 | 6.5 Medium |
| Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. This could bypass the intended authentication boundary for file push creation. This issue has been patched in versions 1.69.3 and 2.4.2. | ||||
| CVE-2026-1603 | 1 Ivanti | 1 Endpoint Manager | 2026-05-11 | 8.6 High |
| An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. | ||||
| CVE-2026-20079 | 1 Cisco | 1 Secure Firewall Management Center | 2026-05-06 | 10 Critical |
| A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device. | ||||
| CVE-2026-7567 | 2 Elemntor, Wordpress | 2 Temporary Login, Wordpress | 2026-05-04 | 9.8 Critical |
| The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before processing it. When the parameter is supplied as an array, PHP's empty() check is bypassed and sanitize_key() returns an empty string, which is then passed as the meta_value to get_users(). WordPress ignores an empty meta_value and returns all users matching the meta_key '_temporary_login_token', allowing authentication without a valid token. This makes it possible for unauthenticated attackers to authenticate as any active temporary login user by sending a single crafted GET request. | ||||
| CVE-2026-7458 | 2 Pickplugins, Wordpress | 2 User Verification By Pickplugins, Wordpress | 2026-05-04 | 9.8 Critical |
| The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting a "true" OTP value. | ||||
| CVE-2026-25002 | 2 Thimpress, Wordpress | 2 Learnpress – Sepay Payment, Wordpress | 2026-04-29 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through <= 4.0.0. | ||||
| CVE-2025-26966 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.5. | ||||
| CVE-2024-49247 | 1 Oc2ps | 1 Better-bp-registration | 2026-04-29 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration better-bp-registration allows Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through <= 1.6. | ||||
| CVE-2024-43234 | 1 Xtendify | 1 Woffice | 2026-04-29 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through <= 5.4.14. | ||||
| CVE-2026-40022 | 1 Apache | 1 Camel | 2026-04-28 | 8.2 High |
| When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and JWTAuthenticationConfigurer classes derive the authentication path from properties.getPath() when camel.server.authenticationPath / camel.management.authenticationPath is not explicitly set. Combined with the Vert.x sub-router mounting model - the sub-router is mounted at _path_* and the authentication handler is registered inside the sub-router at the resolved path - this causes the authentication handler to match only the exact configured context path, not its subpaths. Unauthenticated requests to subpaths such as /api/_route_ or /admin/observe/info therefore reach protected business routes and management endpoints without being challenged for credentials. The /observe/info endpoint can disclose runtime metadata such as the user, working directory, home directory, process ID, JVM and operating system information. This issue affects Apache Camel: from 4.14.1 before 4.14.6, from 4.18.0 before 4.18.2. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, they are suggested to upgrade to 4.14.6. If users are on the 4.18.x LTS releases stream, they are suggested to upgrade to 4.18.2. | ||||
| CVE-2025-64236 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6. | ||||