Export limit exceeded: 20094 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (630 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-52690 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.9 Medium |
| Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail. | ||||
| CVE-2026-54089 | 1 Filebrowser | 1 Filebrowser | 2026-06-25 | 9.1 Critical |
| File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication (auth.method=proxy), any unauthenticated attacker who can reach the server directly can impersonate any user - including admin - by sending a single forged HTTP header. No credentials are required. Additionally, specifying a non-existent username causes the server to automatically create a new user account, providing an account creation primitive with no authorization. This is an already known issue that has been documented in the documentation for several years, but has not been documented as a vulnerability before. | ||||
| CVE-2026-25119 | 1 Gogs | 1 Gogs | 2026-06-25 | N/A |
| Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured authentication header (default: X-WEBAUTH-USER) directly from client requests without validating that the request originated from a trusted reverse proxy. Any remote attacker who can reach the Gogs service can forge this header to impersonate any user or trigger automatic account creation, completely bypassing authentication. This vulnerability is fixed in 0.14.3. | ||||
| CVE-2026-54308 | 1 N8n | 1 N8n | 2026-06-24 | N/A |
| n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data. This vulnerability is fixed in 2.25.7 and 2.26.2. | ||||
| CVE-2026-47381 | 1 Nocodb | 1 Nocodb | 2026-06-24 | N/A |
| NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This vulnerability is fixed in 2026.05.1. | ||||
| CVE-2026-52845 | 1 Caddyserver | 1 Caddy | 2026-06-24 | 8.1 High |
| Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through php_fastcgi, Caddy normalizes HTTP headers into CGI variables by replacing - with _. This lets a client send an underscore alias that survives the forward_auth delete step but becomes the same PHP/FastCGI variable. Result: a remote client can inject or sometimes override identity/group headers trusted by PHP/FastCGI applications behind Caddy. This vulnerability is fixed in 2.11.4. | ||||
| CVE-2026-49468 | 1 Berriai | 1 Litellm | 2026-06-24 | 10.0 Critical |
| LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0. | ||||
| CVE-2026-34025 | 1 Wertheim | 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) | 2026-06-23 | N/A |
| The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP X-Forwarded-For header when that header is present. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header during login to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location. | ||||
| CVE-2026-42662 | 2 Liquid Web / Stellarwp, Wordpress | 2 Event Tickets, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions. | ||||
| CVE-2026-56357 | 1 N8n | 1 N8n | 2026-06-23 | 4 Medium |
| n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhook events. | ||||
| CVE-2026-55202 | 2 Tinyproxy, Tinyproxy Project | 2 Tinyproxy, Tinyproxy | 2026-06-23 | 8.2 High |
| Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger unauthorized access to internal proxy statistics or misroute requests as transparent proxy connections to circumvent access controls. | ||||
| CVE-2026-49231 | 1 Apache | 1 Apisix | 2026-06-22 | N/A |
| Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX: from 3.5.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue. | ||||
| CVE-2026-39999 | 1 Apache | 1 Apache Apisix | 2026-06-22 | N/A |
| Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which fixes the issue. | ||||
| CVE-2026-56020 | 1 Webmin | 1 Webmin | 2026-06-22 | 8.1 High |
| The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641. | ||||
| CVE-2026-50141 | 1 Woodpecker-ci | 1 Woodpecker | 2026-06-18 | N/A |
| Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged `agent_id` value into outgoing gRPC metadata. The server correctly verified the JWT token but then discarded the verified agent identity in favor of the client-supplied value. Version 3.14.1 patches the issue. As a workaround, disable org agents (`WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=true`) and delete existing ones. | ||||
| CVE-2026-53849 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 8.1 High |
| OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers with Discord accounts can change their display name to match a policy entry and gain unauthorized agent access intended for another Discord identity. | ||||
| CVE-2026-36537 | 1 Thingsboard | 1 Thingsboard | 2026-06-17 | 9.8 Critical |
| ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote attacker can bypass authentication and gain full access to any existing user account on the platform without possessing the target user's credentials. This results in a complete account takeover. | ||||
| CVE-2026-53857 | 1 Openclaw | 1 Openclaw | 2026-06-16 | 8.1 High |
| OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers with mutable display names could receive agent responses intended for different Zalo identities when the feature is enabled. | ||||
| CVE-2026-53811 | 1 Openclaw | 1 Openclaw | 2026-06-16 | 8.8 High |
| OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another Matrix identity, potentially gaining unauthorized permissions depending on operator configuration. | ||||
| CVE-2026-27089 | 2 Magepeople, Wordpress | 2 Wptravelly, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions. | ||||