Authentication Bypass
Monthly
Authenticated session hijacking via IDOR in Kanboard through 1.2.52 allows any low-privilege user to mass-invalidate the persistent 'Remember Me' sessions of arbitrary users, including administrators, by enumerating sequential integer session IDs against the unguarded `removeSession` endpoint. The root-cause fix - scoping `RememberMeSessionModel::remove()` to the requesting user's own `user_id` - is confirmed in commit 928c68a via PR #5831. A publicly available proof-of-concept exists on GitHub (issue #5829); this vulnerability is not currently listed in the CISA KEV catalog, though the trivially low exploitation barrier warrants prompt patching.
Broken access control in NewsBlur before 14.5.0 exposes any authenticated user's private social notification feed - follows, replies, and social activity - to any other authenticated user. The GET /social/interactions endpoint accepts an arbitrary user_id parameter and returns that user's MInteraction records without verifying the requesting session owns the account, a classic CWE-639 IDOR. No public exploit code has been identified and this is not listed in CISA KEV, but the low attack complexity (any registered account suffices) makes the flaw trivially exploitable by any NewsBlur user against any other.
Authorization bypass in Seahub (the Seafile web frontend) before 13.0.23 lets a holder of a folder share-link token call GET /api/v2.1/share-link-zip-task/ without honoring the SHARE_LINK_LOGIN_REQUIRED policy, obtaining a fileserver zip token to download entire shared directory trees. Classified as CWE-862 (Missing Authorization) and reported by VulnCheck with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS data was not provided in the input.
Cross-tenant access in Maxun (the open-source no-code web data extraction/scraping platform) before 0.0.42 allows any authenticated user to read, modify, delete, or run other tenants' robots and to exfiltrate their plaintext Google and Airtable OAuth access tokens by abusing storage and webhook API handlers that never check resource ownership. The flaw stems from API endpoints querying robots by ID alone (e.g. Robot.findAll() with no userId scope), so a low-privileged account on a shared/multi-tenant instance can pivot across the entire tenant base. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the upstream fix is committed and the trivial nature of an IDOR makes it readily reproducible.
Authentication bypass and privilege escalation in File Browser (versions 2.0.0-rc.1 and later) lets a remote unauthenticated attacker impersonate any account - including admin - by sending a single forged HTTP header when the server runs with proxy authentication (auth.method=proxy). The same flaw doubles as an unauthorized account-creation primitive, since supplying a non-existent username silently provisions a new user. Scored CVSS 9.1 (CWE-287); no public exploit identified at time of analysis, though the underlying behavior has been openly documented for years.
OAuth2/OIDC token forgery in OpenIdentity Platform's OpenAM Community Edition (through 16.0.6) lets an attacker mint OAuth2 bearer tokens and OIDC ID tokens with arbitrary subject (userName), clientID, realm, and scope by abusing the stateful token-read path's failure to namespace and type-check Core Token Store (CTS) rows. The flaw is an Authorization Bypass Through User-Controlled Key (CWE-639): any CTS row whose BLOB merely claims to be an OAuth token is trusted on read with no integrity check, so an attacker who can write attacker-controlled JSON to CTS under a known identifier can impersonate any user or client. No public exploit has been identified at time of analysis, and the issue is fixed in version 16.1.1; it does not by itself grant an OpenAM SSO session or admin-console access.
Certificate trust-chain bypass in wolfSSL allows attackers to have an attacker-controlled certificate accepted as valid, but only in builds compiled with --enable-opensslextra where the application calls the OpenSSL-compatibility X509_verify_cert() with caller-supplied untrusted intermediates. The verifier returned success based on the last verified link instead of confirming the chain reaches a configured trust anchor, so a chain deeper than the maximum path depth (default 100) is accepted without ever validating against a trusted root. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; native wolfSSL TLS/DTLS and the default WOLFSSL_VERIFY_PEER handshake are unaffected.
Arbitrary code execution in the pnpm package manager (versions prior to 10.34.2 and 11.5.3) lets a malicious repository hijack pnpm's automatic version-switching mechanism. By committing crafted package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml - including matching pnpm and @pnpm/exe versions plus package records and snapshots - an attacker bypasses fresh package-manager resolution and causes pnpm to install and execute attacker-selected bytes when a developer runs pnpm in the cloned repo. No public exploit identified at time of analysis; the high CVSS of 8.8 reflects full confidentiality, integrity, and availability impact, gated only by the user running pnpm against the poisoned repository.
Authorization bypass in Red Hat Build of Keycloak's UMA engine lets an authenticated user who holds a valid permission ticket for a single resource escalate access to all resources of the same type on the resource server by crafting a specific permission request prefix. The bypass is silently permitted when the resource server operates in PERMISSIVE enforcement mode with ownerManagedAccess enabled and no explicit type-level policy in place. No public exploit code exists and this CVE is not listed in CISA KEV at time of analysis, but the low attack complexity and network vector make this a credible internal-privilege escalation path in affected Keycloak deployments.
Privilege escalation in Keycloak (Red Hat Build of Keycloak) lets an authenticated delegated admin with management rights over a single low-privilege group hijack the entire realm. A missing authorization check in the Admin REST API's GroupResource.addChild() endpoint allows reparenting an arbitrary group; when Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker can move a privileged group (e.g., one holding realm-admin) under a group they control, inheriting management and password-reset rights over its members. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the resulting full realm takeover makes it a serious escalation primitive in environments that delegate group administration.
Authorization bypass in the Keycloak Policy Enforcer allows any authenticated user to circumvent all enforced access controls - role, scope, and User-Managed Access (UMA) permission checks - by embedding the configured access-denied page path inside a request URL as a path segment or query parameter. The affected component ships in the Red Hat Build of Keycloak, and successful exploitation grants unauthorized access to protected resources. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Cross-tenant credential decryption in ToolJet prior to 3.20.1780-lts allows any authenticated user to retrieve plaintext data-source secrets belonging to any other organization on the same instance. The POST /api/data-sources/decrypt endpoint omits the ValidateDataSourceGuard present on all neighboring routes and performs no organization-scoped lookup, meaning a valid session from any tenant is sufficient to exfiltrate database passwords, API keys, and other stored secrets across tenant boundaries. No public exploit has been identified at time of analysis, but the attack is mechanically trivial for any user with a valid account and knowledge of a target credential_id.
Incorrect authorization logic during room creation in Venueless permits authenticated low-privilege users to create room types they are not permitted to create. The CVSS 4.0 score of 2.3 reflects the narrow, integrity-only impact and significant attack preconditions - requiring authentication, high complexity, and specific prerequisites. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
API key scope bypass in Outline prior to 1.8.0 allows an authenticated attacker holding a limited-scope API key or OAuth token to perform actions on restricted endpoints by exploiting a URL fragment handling discrepancy. The `AuthenticationHelper.canAccess` function evaluates authorization against the fragment-appended URL path rather than the actual routed endpoint, enabling privilege escalation beyond the key's intended permissions. No public exploit code or active exploitation has been identified at time of analysis, but the low attack complexity (PR:L, AC:L) makes this straightforward to exploit for any valid API key holder.
LibreChat's POST /api/files/images endpoint lacks the authorization check that was correctly applied to the POST /api/files route in a prior patch, allowing any authenticated user to upload files into arbitrary agents' tool_resources (including context and execute_code environments) without ownership or EDIT permission verification. All LibreChat deployments prior to 0.8.4-rc1 are affected across any multi-user configuration. No active exploitation has been confirmed (not in CISA KEV), but the bypass is trivially exercisable by any valid session holder who knows a target agent ID.
Broken object-level authorization in LibreChat's message deletion endpoint allows any authenticated user to permanently delete messages belonging to other users. Affected are all LibreChat deployments prior to 0.8.4-rc1. By supplying their own valid conversationId for middleware validation while targeting a victim's messageId in the underlying MongoDB query, an attacker bypasses the per-user authorization check and irreversibly removes arbitrary messages. No public exploit or CISA KEV listing exists at time of analysis, but the flaw is straightforward to exploit once a valid messageId is obtained.
Authentication-bypass weakness in LibreChat before 0.8.4-rc1 lets an attacker who already holds a valid session silently regenerate all of a victim's two-factor backup codes via POST /api/auth/2fa/backup/regenerate, which never asks for a current TOTP token or an existing backup code. With fresh codes in hand, the attacker can bypass 2FA at login or turn 2FA off entirely, neutralizing the account's second factor. EPSS is low (0.15%, 5th percentile) and no active exploitation is recorded, but proof-of-concept exploitation is acknowledged in the SSVC framework.
Two-factor authentication takeover in LibreChat before 0.8.4-rc1 lets any authenticated user — or an attacker wielding a stolen session token — call the GET /api/auth/2fa/enable endpoint to silently overwrite an account's existing TOTP secret, regenerate backup codes, and flip twoFactorEnabled to false, all without TOTP or backup-code verification. The flaw destroys the victim's working second factor and can lock the legitimate owner out of their own 2FA. Publicly available exploit code exists (SSVC: PoC), but EPSS is low (0.18%, 8th percentile) and it is not listed in CISA KEV.
Credential interception in HYPR Passwordless on Windows (all versions before 11.1.1) is possible due to a missing authentication check on a critical internal function (CWE-306), allowing a low-privileged local attacker to capture authentication material during an active user session. The CVSS 4.0 vector's SC:H metric confirms the intercepted credentials are usable against downstream systems that HYPR protects, elevating the downstream blast radius beyond the compromised endpoint. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Unauthorized folder deletion in the K2 Extension for Joomla (versions 1.0 through 2.26) exposes a public-facing `item.checkin` task that accepts an unauthenticated `sigProFolder` query parameter and passes it directly to `JFolder::delete()` under `/media/k2/galleries/`, with no authorization check whatsoever (CWE-862). Any unauthenticated remote attacker can trigger deletion of gallery directories simply by crafting an HTTP request - no session, token, or credentials required. No public exploit code has been identified at time of analysis, though SSVC rates this as automatable with partial technical impact, meaning scripted bulk targeting of affected Joomla installations is straightforward.
Incorrect file permission assignment on Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units exposes password hashes stored in system files to unauthorized reading by privileged local users. An attacker who has already obtained privileged local access to the RTU can read these improperly protected files, extract credential hashes, and perform offline cracking to achieve account compromise. No public exploit code exists at time of analysis, and the vulnerability has not been listed in CISA KEV, but the high confidentiality impact on credential material in OT/ICS environments warrants attention.
Credential exposure in Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units & Controllers allows an unauthenticated attacker to recover credentials that are insufficiently protected within device firmware or system files (CWE-522). The recovered credentials can then be used to fully compromise the device when the attacker also has physical access. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; vendor advisory SEVD-2026-160-02 covers the affected OT products.
Protection mechanism bypass in Dell Display and Peripheral Manager for Mac (versions prior to 2.3) stems from improper certificate validation, allowing a low-privileged local user to defeat a security control the application relies on. Dell self-reported the issue and there is no public exploit identified at time of analysis; EPSS is very low (0.07%) and CISA SSVC marks exploitation status as 'none', though technical impact is rated 'total'. The flaw affects the macOS build of DDPM, a companion utility for Dell monitors and peripherals.
Improper access control in PPOM for WooCommerce (all versions through 33.0.18) enables unauthenticated remote attackers to bypass access controls and perform unauthorized operations affecting the integrity and availability of affected WooCommerce stores. Classified under CWE-284 and confirmed as an authentication bypass by Patchstack, the flaw exposes plugin-managed product option data to manipulation or disruption without requiring any credentials. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to CISA KEV.
Local privilege escalation to code execution affects Dell Display and Peripheral Manager (DDPM) for Windows in all versions prior to 2.3, where an Improper Access Control flaw (CWE-284) lets a low-privileged local user execute arbitrary code in a higher-privileged context. The CVSS 3.1 base score is 7.8 (High), reflecting full confidentiality, integrity, and availability impact from a local, low-privilege starting point with no user interaction. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Broken access control in the Royal MCP WordPress plugin (versions up to and including 1.4.25) lets authenticated low-privilege users reach functionality that should be restricted, due to a missing authorization check. With a CVSS of 8.1 and high confidentiality and integrity impact, an attacker holding even a basic account can read and alter data they should not be able to touch. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Broken access control in the Slim SEO WordPress plugin through version 4.6.2 allows authenticated users holding the Contributor role to bypass authorization checks and access restricted data, yielding a high confidentiality impact per CVSS C:H. The flaw is rooted in CWE-862 (Missing Authorization), meaning the plugin fails to verify whether the requesting user holds sufficient privileges before executing certain privileged actions. No public exploit code and no CISA KEV listing exist at time of analysis; however, low attack complexity and no required user interaction make this straightforward to exploit by any valid contributor-level account holder.
Broken Access Control in the UPI QR Code Payment Gateway for WooCommerce plugin (versions <= 1.6.2) allows authenticated low-privilege WordPress users to perform actions or access endpoints reserved for higher-privileged roles, resulting in unauthorized modification of payment data or disruption of payment processing. The flaw, rooted in missing authorization checks (CWE-862), was disclosed by Patchstack and affects sites running WooCommerce with this Knit Pay plugin installed. No public exploit code has been identified at time of analysis, and it has not been confirmed as actively exploited.
Unauthenticated IDOR in License Manager for WooCommerce (versions <= 3.0.15) allows remote, unauthenticated attackers to reference and manipulate arbitrary license records by supplying or iterating object identifiers in plugin requests, yielding integrity and availability impacts on license data. The CVSS vector (PR:N, AV:N, AC:L) confirms no authentication or special conditions are needed, making the attack trivially repeatable against any reachable WooCommerce store running the affected plugin. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog.
Missing authorization in the CheckView Automated Testing WordPress plugin (versions 2.1.0 and earlier) lets remote unauthenticated attackers reach functionality that should be access-controlled, enabling unauthorized modification of site data or test/automation state. The CVSS 3.1 vector (7.5, AV:N/AC:L/PR:N/UI:N) reflects a network-reachable, no-interaction flaw with high integrity impact but no confidentiality or availability loss. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Missing authorization in the Five Star Restaurant Reservations WordPress plugin (version 2.7.19 and earlier) lets remote unauthenticated attackers invoke protected plugin functionality and modify data without holding any account, per the CVSS PR:N vector. The flaw is a broken access control / missing capability check (CWE-862) reported by Patchstack, with a CVSS 3.1 base score of 7.5 driven entirely by integrity impact (C:N/I:H/A:N). No public exploit code or active exploitation has been identified at time of analysis.
Unauthorized data modification in the Motors car dealership and classified listings plugin for WordPress (versions <= 1.4.109) lets remote unauthenticated attackers invoke privileged actions they should not reach, due to a missing authorization check (CWE-862). The CVSS 3.1 vector (AV:N/PR:N/UI:N) confirms no authentication and no user interaction are required, with a high integrity impact but no confidentiality or availability impact. There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Broken access control in the MainWP Child WordPress plugin (versions 6.1.1 and earlier) allows remote attackers to invoke privileged actions without proper authorization checks (CWE-862). Because the flaw is reachable without authentication (PR:N) it can be triggered by external attackers, though exploitation depends on tricking a user into an action (UI:R) and on overcoming non-trivial conditions (AC:H). There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Sensitive data exposure in Elementor Website Builder for WordPress (versions <= 4.1.3) allows contributor-level authenticated users to access protected information due to missing authorization checks (CWE-862). The vulnerability stems from insufficient capability verification before exposing sensitive data to lower-privileged roles, enabling a contributor to retrieve data they should not have access to. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and high confidentiality impact make this a meaningful risk on any site with untrusted contributor accounts.
DNSSEC validation in PowerDNS Recursor can be silently undermined by network-positioned attackers who spoof DNS replies to trick the Recursor into permanently marking a legitimate authoritative server's IP as EDNS-incapable. Once that state is poisoned, the Recursor is unable to perform proper DNSSEC validation for any zones served by that authoritative server, effectively disabling a critical security layer for downstream clients. No active exploitation has been confirmed by CISA KEV, and no public proof-of-concept has been identified at time of analysis; however, the attack complexity is rated High due to the spoofing prerequisite.
Use-after-free in the Linux kernel's Airoha (airoha_eth) network driver allows memory corruption when metadata dst objects are torn down while still referenced by in-flight receive skbs. The airoha_metadata_dst_free() routine called metadata_dst_free()/kfree() directly, bypassing the RCU grace period required by the noref dst pointers set via skb_dst_set_noref() in the RX path, so RCU readers could dereference freed memory. No public exploit identified at time of analysis, and EPSS is low (0.18%, 8th percentile); the issue is patched in current stable kernels.
Memory corruption (use-after-free) in the Linux kernel's MediaTek mtk_eth_soc Ethernet driver allows the metadata destination object to be freed via kfree() during driver teardown while the RX path may still hold a non-refcounted (noref) pointer to it from a live skb. Affects systems running the mtk_eth_soc driver (MediaTek SoC networking, common in routers/embedded devices) across multiple kernel branches; the fix routes the free through dst_release() so the RCU grace period is honored. No public exploit identified at time of analysis, EPSS is low (0.18%, 8th percentile), and it is not in CISA KEV - despite the input's nominal CVSS of 9.8.
Use-after-free in the Linux kernel's IBM EMAC Ethernet driver (drivers/net/ethernet/ibm/emac) lets in-flight packet processing touch hardware resources that have already been freed during device removal, because devm_register_netdev() deferred unregister_netdev() until after emac_remove() tore down the hardware. A local attacker who can trigger driver unbind/hot-removal while the interface handles traffic can corrupt kernel memory, potentially escalating to code execution or crashing the system. This is a fixed regression window on IBM PowerPC EMAC hardware; no public exploit identified at time of analysis and EPSS risk is low (0.18%, 7th percentile).
Local privilege/memory-integrity exposure in the Linux kernel's drm/xe Intel GPU driver stems from a missed TLB invalidation: a previously merged optimization that skipped GuC scheduler suspend toggling when an exec queue was idle has been reverted because it bypassed the context switch that flushes TLB entries for invalidated userptr VMAs. On Intel Xe GPUs running in long-running (LR)/preempt-fence VM mode, this leaves stale TLB mappings to invalidated user pointers, producing page faults and stale-memory access during userptr invalidation. There is no public exploit identified at time of analysis and EPSS is low (0.17%, 7th percentile); the fix is the revert commit itself, restoring unconditional schedule toggling on suspend.
Zone-transfer authentication bypass in NLnet Labs NSD allows unauthorized secondaries to obtain full zone contents without presenting the required TLS client certificate. Although a provide-xfr rule specifies a tls-auth-name (mandating client-certificate authentication), NSD only enforces this on the dedicated tls-auth-port; requests arriving over plain TCP on the regular port or over TLS on the regular tls-port are served when the remaining provide-xfr conditions match, defeating mutual-TLS access control. Reported by NLnet Labs with CVSS 4.0 8.2; no public exploit identified at time of analysis and not listed in CISA KEV.
Incorrect authorization in GitLab CE/EE allows authenticated users holding developer-role permissions to bypass Maven package protection rules and overwrite protected package metadata. All GitLab versions from 17.11 through 18.11.5, 19.0.0 through 19.0.2, and 19.1.0 are affected, with patched releases available across all three trains. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; real-world impact is scoped to organizations that have explicitly configured Maven package protection rules and host untrusted developer-role users.
Incorrect authorization in GitLab CE/EE's group packages feature exposes package metadata from projects where the Package Registry has been explicitly disabled, allowing any authenticated Reporter-level group member to enumerate package names, versions, and publish timestamps that project owners intended to restrict. The flaw spans a very wide version range - all 13.6+ releases up to the newly-issued fixes in 18.11.6, 19.0.3, and 19.1.1 - meaning a large proportion of self-hosted GitLab deployments are affected. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Authorization bypass in GitLab Enterprise Edition's virtual registry cleanup policy feature allows authenticated users to read or modify cleanup policy settings belonging to groups they do not own. Affected versions span all GitLab EE releases from 18.6 through 18.11.5, 19.0 through 19.0.2, and 19.1.0. Exploitation requires a valid GitLab EE account but no elevated privileges; no public exploit code exists and this is not in CISA KEV at time of analysis.
Insufficient authorization checks in GitLab Enterprise Edition expose project information to authenticated users with limited permissions under specific, undisclosed conditions. Affecting all EE releases from 18.6 up to (but not including) 18.11.6, 19.0.3, and 19.1.1, this CWE-862 flaw allows a low-privileged authenticated attacker to read project data they should not have access to. No public exploit code exists and no active exploitation has been confirmed; the high attack complexity (AC:H) and requirement for an authenticated session substantially limit real-world risk.
Confidential issue references in GitLab CE/EE public projects are exposed to unauthenticated users due to missing authorization checks (CWE-862). Affecting all GitLab versions from 17.5 through 18.11.5, 19.0.0-19.0.2, and 19.1.0, this flaw enables any unauthenticated remote attacker to retrieve references to confidential issues on public projects - potentially revealing issue IDs, titles, or internal metadata that project owners explicitly restricted. No public exploit code or CISA KEV listing exists at time of analysis; however, the unauthenticated, low-complexity network vector makes this trivially automatable for reconnaissance against large GitLab installations.
Incorrect authorization in GitLab Enterprise Edition's DAST site profile management exposes stored secrets to users with the Developer role under certain conditions. Affecting all GitLab EE releases from 13.11 through the recently patched 18.11.6, 19.0.3, and 19.1.1, the flaw allows a lower-privileged authenticated user to read secrets - such as authentication credentials or API tokens - embedded in DAST site profiles they should not have access to. No public exploit code or CISA KEV listing has been identified at time of analysis, and the high attack complexity (AC:H) implies specific conditions must align for exploitation to succeed.
Protected environment configuration bypass in GitLab Enterprise Edition exposes CI/CD deployment gates to authenticated users holding custom role permissions, even when CI/CD visibility is explicitly disabled for the project. Affecting all EE versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1, this CWE-863 (Incorrect Authorization) flaw allows such users to view, create, or delete protected environment rules that should be inaccessible. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Authentication bypass via cross-site scripting in Quest NetVault Backup's addclient3 webpage allows remote attackers to inject arbitrary script that executes in a victim's authenticated session, bypassing access controls. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-369, formerly ZDI-CAN-27666), the flaw requires user interaction - the target must visit a malicious page or open a malicious file - and can be chained with other weaknesses to achieve code execution in the SYSTEM context. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, though the high CVSS of 8.8 reflects the serious downstream RCE potential.
Authentication bypass via cross-site scripting in the Quest NetVault Backup viewclient web interface lets remote attackers inject arbitrary script that, when a victim visits a malicious page or opens a malicious file, runs in the application context and circumvents authentication. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-377, ZDI-CAN-28202), the flaw can be chained with additional vulnerabilities to achieve code execution as SYSTEM. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 8.8 rating reflects the high impact of the auth-bypass-plus-RCE chain.
Rocket.Chat's Omnichannel visitors.info API endpoint exposes visitor session tokens in response payloads, enabling a privileged caller to capture and reuse those tokens for authentication bypass against LiveChat visitor identities. Affected deployments span multiple 7.x and 8.x release branches, with vendor-confirmed fixes across seven patch releases. No public exploit code and no CISA KEV listing exist at time of analysis; however, the CWE-285 (Improper Authorization) classification and 'Authentication Bypass' tag confirm meaningful post-exploitation potential for session impersonation.
{"$gt": ""} matches the first unexpired credential-token document, yielding a full Meteor auth token bound to a legitimate victim - and full instance compromise if that victim is an administrator. No public exploit identified at time of analysis, but the CVSS 9.1 rating and trivial exploitability make this a high-priority patch.
Session-destruction denial of service in Rocket.Chat's SAML single logout allows an unauthenticated remote attacker to forcibly log out any SAML-authenticated user by submitting a forged, unsigned LogoutRequest to the SP logout endpoint. Because the integration never validates the SAML signature, an attacker who knows only a victim's NameID - typically their email address, as exposed by Okta, Google Workspace, Microsoft Entra ID, and JumpCloud - can repeatedly destroy sessions and script the attack across many accounts to render the instance unusable. No public exploit identified at time of analysis; the CVSS 4.0 base score is 8.7 (availability-only impact), and fixes are available across all maintained release branches.
Authentication bypass in FOSSBilling 0.7.2 and earlier lets remote unauthenticated attackers create a fully privileged administrator account through the guest bootstrap endpoint /api/guest/staff/create, which fails to lock after the first admin exists. Because the account can immediately authenticate, this yields complete takeover of the billing and client-management platform. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial network-based exploitation (CVSS 4.0 9.3) makes it a serious exposure for any internet-facing instance.
KubeVirt's virt-handler domain notify server allows a compromised virt-launcher process to forge lifecycle events for any other VMI scheduled on the same Kubernetes node, causing virt-handler to corrupt that VMI's state and disrupt its lifecycle management. The root cause is that gRPC handlers for HandleDomainEvent and HandleK8SEvent accept VMI namespace/name exclusively from the request body, never cross-checking against the per-VMI pipe socket the connection arrived on. With CVSS 6.5 (AV:L/S:C), the attack requires local access via a compromised container but can impact multiple VMIs across tenants on the same node; no public exploit code or CISA KEV listing has been identified at time of analysis.
SiYuan's personal knowledge management system prior to 3.7.0 exposes all user note content to unauthenticated database exfiltration through a deliberately auth-excluded API endpoint. The `/api/icon/getDynamicIcon` endpoint, when invoked with `type=8` and a valid block ID, renders a Go template that executes arbitrary SELECT queries against SiYuan's SQLite backend via `querySQL` and `queryBlocks` functions - functions designed for note querying but reachable without any credential check. An attacker with network adjacency who possesses a valid block ID can read the entire database: note content, tags, asset references, and block attributes. No public exploit or CISA KEV listing has been identified at time of analysis; the AC:H rating reflects the block ID prerequisite. A fix is available in version 3.7.0.
{"setDeploymentAs": "new-workspace"}. The endpoint correctly requires authentication but performs no role/permission check (CWE-862), so the action wipes cloud credentials, removes the workspace license, and breaks push notifications for all users until manual re-registration. No public exploit identified at time of analysis; the issue is a denial-of-service / integrity flaw rather than data theft (CVSS C:N, I:H, A:H = 8.1).
Authentication bypass in Rocket.Chat's Apple Sign-In handler allows attackers to impersonate any user by replaying a captured Apple identity token. The handler verifies the JWT signature but skips validation of the aud, exp, nbf, and nonce claims, so any Apple-signed token with a non-empty iss is accepted indefinitely with no replay-window expiry. Affected versions are those prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13; no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Authentication bypass leading to account takeover in Rocket.Chat affects the Apple Sign-In OAuth flow prior to versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13. The handleIdentityToken function in the Apple login handler falls back to trusting an attacker-supplied email value when the Apple-issued JWT omits an email claim, so a remote unauthenticated attacker can forge an email-less Apple JWT and log in as any victim by their email address. No public exploit is identified at time of analysis, but the CVSS 4.0 base score of 9.3 (critical) and trivial exploitation conditions make this a high priority for any instance with Apple login enabled.
Private repository metadata in Gogs 0.14.3 and earlier leaks to any authenticated user due to a boolean inversion in the Watch API access control check. An authenticated attacker who watches a private repository they are not authorized to view will receive commit messages, branch names, issue titles, and PR details via their dashboard activity feed - and full issue and comment content via email if notifications are enabled. No public exploit has been identified at time of analysis, though the single-line boolean fix published in the upstream commit makes the flaw trivial to reproduce by any authenticated user who reads the commit diff.
Signature bypass in Mastodon's ActivityPub federation layer allows remote unauthenticated attackers to falsely attribute article authorship by manipulating the `toot:attributionDomains` property of signed Update activities. Affected are all Mastodon instances running versions 4.3.0 through 4.5.10 or 4.4.x through 4.4.17, where a JSON-LD definition error renders Linked Data Signatures on this specific property non-binding. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the low attack complexity (CVSS AV:N/AC:L/PR:N) and the federated, internet-exposed nature of the protocol make exploitation straightforward for any actor able to send ActivityPub messages.
Missing authentication in the Aclara Metrum Cellular Web Interface (a Hubbell/Aclara cellular communications module used in utility smart-grid metering) lets remote attackers reach critical system functions without any credentials. Per the CVSS:4.0 vector (PR:N/UI:N) an unauthenticated network attacker can read and modify operational configuration and force device restarts, and repeated restarts can sever device communications - a pure availability impact (VA:H, no confidentiality or integrity loss). There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV; EPSS data was not provided.
Insecure direct object reference (IDOR) in FOSSBilling's Servicecustom Client API (versions 0.7.2 and prior) lets any authenticated client retrieve another client's custom service records by supplying a guessed sequential order_id, because the __call method fetches the order without an ownership check. The exposed data includes other clients' PII (name, email, phone, address, company details, VAT number) and service configuration, making this a cross-tenant confidentiality breach. No public exploit identified at time of analysis, and the issue is resolved in version 0.8.0.
Cross-workspace data disclosure in Twenty CRM before 2.9.0 lets any authenticated user holding the AI settings flag (a workspace owner by default) read another tenant's AI agent chat history and trigger LLM evaluations against the victim's data on the same instance. By supplying a victim's agentId or turnId to the agentTurns query or evaluateAgentTurn mutation, an attacker retrieves raw chat text, tool calls, and tool outputs that belong to a different workspace. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Site isolation bypass in Google Chrome's Passwords implementation allows a remote attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.197 on desktop platforms. Google has confirmed this as a High severity Chromium issue; no public exploit code or active exploitation has been identified at time of analysis, and CISA SSVC categorizes exploitation status as none.
Site isolation bypass in Google Chrome's Navigation component allows an attacker who has already compromised the renderer process to escape Chrome's cross-origin containment boundary via a crafted HTML page, affecting all Chrome versions prior to 149.0.7827.197. The vulnerability stems from insufficient input validation (CWE-20) in the Navigation subsystem, which fails to properly enforce site isolation when navigations are initiated from a compromised renderer. No public exploit code has been identified and CISA SSVC confirms no known active exploitation at time of analysis, though the prerequisite of renderer compromise makes this a meaningful second-stage escalation primitive.
Same-origin policy bypass in Google Chrome's DeviceBoundSessionCredentials (DBSC) feature affects all Chrome versions prior to 149.0.7827.197, allowing a remote attacker to read limited cross-origin data via a crafted HTML page. The flaw stems from incorrect origin validation (CWE-346) in the DBSC implementation, a relatively new anti-session-hijacking subsystem. SSVC assessment confirms no exploitation at time of analysis, and no public exploit code has been identified; the CVSS score of 4.3 Medium reflects meaningful but bounded confidentiality impact contingent on user interaction.
Authentication bypass in Apache Shiro affects deployments using the shiro-guice module in a web servlet context, where a specially crafted HTTP request can evade path-based access controls and reach protected resources without valid credentials. It mirrors the older shiro-spring flaw CVE-2020-1957 but targets the Guice integration instead, impacting all Shiro releases through 2.x and 3.0.0-alpha-1. No public exploit identified at time of analysis, though the CVSS 4.0 base score of 8.2 reflects high confidentiality impact and the close analogy to a previously exploited bug class.
Server-side request forgery (SSRF) filter bypass in Ghost CMS 6.0.9 through 6.21.0 allows remote unauthenticated attackers to direct the application to reach internal network services by supplying IPv6 literals that map to private IPv4 addresses, circumventing Ghost's outbound IP blocklist. The root cause is CWE-184 (Incomplete List of Disallowed Inputs): the filter validates against RFC 1918 private ranges but does not normalize IPv6-mapped IPv4 notation before comparison. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists; Ghost 6.21.1 resolves the issue.
DNS rebinding bypasses Ghost CMS's private-IP validation for outbound HTTP requests, enabling server-side request forgery (SSRF) against internal network resources. Versions 6.0.9 through 6.21.0 are affected; the root cause is a TOCTOU race (CWE-367) between Ghost's allowlist check and the actual TCP connection, which a DNS-rebinding attacker exploits by switching DNS records between check-time and connect-time. No public exploit code identified and not listed in CISA KEV, but the scope-changed CVSS rating (S:C) reflects that successful exploitation escapes Ghost's network boundary into adjacent internal infrastructure.
Improper authorization in OpenAM Community Edition's Liberty ID-WSF SOAP receiver lets an unauthenticated remote attacker write persistent entries into the Liberty Discovery store on any user's LDAP entry and into a shared root-realm Discovery branch, with the writes executed server-side under elevated internal privileges (the global path explicitly uses the internal admin token). All Open Identity Platform OpenAM Community Edition releases through 16.0.6 that expose the Liberty Web Services component are affected; the issue is fixed in 16.1.1. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the affected code ships in default configuration.
Command-execution permission bypass in Warp's default unsandboxed CLI agent profile (versions 0.2025.10.08.08.12.stable_00 through the fix in 0.2026.05.06.15.42.stable_01) lets denylisted, confirmation-required commands auto-execute. Because the non-interactive CLI agent matched command strings against its denylist before stripping leading environment-variable assignments, an attacker able to influence the agent's emitted command output (e.g., via prompt injection) can prefix a blocked command such as 'rm' with 'X=1' to evade the safety boundary. No public exploit is identified at time of analysis, and it is not listed in CISA KEV.
{} blocks that fire unconditionally - even when the preceding ownership-checked read fails - scoping deletion only by raw primary key with no userId or workspaceId constraint. Versions 1.11.1 through 1.14.0 are affected; no public exploit or CISA KEV listing identified at time of analysis, though the fix commit confirms the root cause and makes exploitation trivially reproducible.
Cross-domain cookie injection in curl (versions 7.46.0 through 8.20.0) lets a malicious or compromised HTTP server set 'super cookies' that bypass the Public Suffix List (PSL) safeguard, causing curl to scope attacker-supplied cookies to unrelated third-party domains and transmit them on later requests. Rated CVSS 9.1 and tagged as an authentication bypass, the flaw undermines cookie origin isolation, but EPSS is low at 0.22% (12th percentile), there is no CISA KEV listing, and no public exploit was identified at time of analysis. A patched release is available from the curl project.
SSH host-key verification bypass in curl/libcurl (versions through 8.20.0) lets a network man-in-the-middle silently impersonate an SFTP/SCP server when a user invokes curl with a schemeless URL plus '--proto-default sftp' (or scp). In this specific invocation the command-line tool layer misidentifies the scheme and skips setting CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS, while libcurl still honors CURLOPT_DEFAULT_PROTOCOL and completes the connection, so curl connects to an unverified host without any error. Tagged an Authentication Bypass; EPSS is low (0.21%, 11th percentile) and no public exploit was identified at time of analysis.
Unauthenticated account self-registration in MailerUp before 1.0.1 lets any remote attacker POST to /api/auth/register/ and obtain a working account, even on instances where operators intended registration to be closed, because the RegisterView is wired with Django REST Framework's AllowAny permission and enforces no email verification, CAPTCHA, or admin approval. Once registered, the attacker can read every email stored by the instance, yielding full disclosure of all stored messages. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch (1.0.1) removes the public registration endpoint entirely.
Unauthorized configuration modification in OpenText Access Manager before 5.1.3 allows a remote unauthenticated attacker to alter system configuration via API calls that lack proper authorization enforcement, classified under CWE-648 (Incorrect Use of Privileged APIs). Affected deployments expose privileged API endpoints without adequate access control, enabling integrity impact across both the vulnerable system and subsequent systems relying on it for identity and access decisions. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Directory ACL bypass in ProFTPD (through 1.3.9b and 1.3.10rc2) lets authenticated FTP users reach files inside DenyAll-protected directories by prefixing paths with /proc/self/root in the RNFR (rename-from) command. Because the CVSS 4.0 vector specifies PR:L, exploitation requires a valid low-privilege FTP account, after which an attacker can rename and then retrieve files that configured Directory ACLs were meant to protect. There is no public exploit identified at time of analysis and no KEV listing, but the VulnCheck-assessed CVSS of 8.6 reflects the strong confidentiality and integrity impact on file-access controls.
A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Assembla Plugin 1.4 and earlier exposes a connection-test endpoint without adequate permission enforcement, allowing any Jenkins user holding only Overall/Read permission to trigger outbound HTTP connections to an arbitrary attacker-controlled URL with attacker-supplied credentials. This enables both a limited Server-Side Request Forgery (SSRF) vector for internal network probing and credential interception on the attacker's endpoint. No public exploit code or active exploitation has been identified at time of analysis; SSVC assessment confirms exploitation status as none.
A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.
Missing authorization checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow any authenticated Jenkins user with the low-privilege Overall/Read permission to enumerate the names of configured Contrast metadata via a network-accessible endpoint. The vulnerability is classified CWE-862 (Missing Authorization) and has an EPSS score of 0.15% (4th percentile), indicating negligible real-world exploitation activity. No public exploit code and no CISA KEV listing have been identified, making this a low-urgency but real information-disclosure concern for multi-tenant Jenkins environments with untrusted users.
Missing authorization in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier permits any authenticated Jenkins user holding the minimal Overall/Read permission to invoke a connection test endpoint with fully attacker-controlled URL, username, API key, and service key. This enables the Jenkins server to make arbitrary outbound HTTP connections - a Server-Side Request Forgery (SSRF)-class impact - without the elevated privileges that should guard such functionality. No public exploit has been identified at time of analysis and EPSS sits at the 4th percentile, indicating low current exploitation probability despite network reachability.
Missing permission check in Jenkins EC2 Fleet Plugin versions up to 4.2.3.539.v8fedff2a_81c3 enables any authenticated user holding the low-privilege Overall/Read role to trigger a credential-capture attack by directing the plugin to connect to an attacker-controlled endpoint and transmitting AWS credentials stored in Jenkins. The attacker must independently obtain a valid credential ID before exploiting this flaw, making it a chained attack rather than a direct standalone exploit. No public exploit code has been identified at time of analysis and CISA has not added this to the KEV catalog; SSVC rates exploitation status as none.
Credential ID enumeration in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows authenticated attackers holding only global Item/Configure permission to bypass the intended per-job permission boundary and list credential IDs stored in Jenkins. The root cause is an incorrect permission check (CWE-862) that conflates global and job-scoped authorization, leaking credential identifiers without requiring job-level rights. No public exploit code exists and SSVC rates exploitation status as none; however, enumerated credential IDs can serve as reconnaissance for chained attacks targeting those credentials.
Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow any authenticated user holding the minimal Overall/Read Jenkins role to trigger outbound connections from the Jenkins controller to an attacker-specified URL using credential IDs sourced through a secondary method. This creates an SSRF-like primitive enabling internal network probing and credential ID validation without administrative access. No public exploit code has been identified at time of analysis, and SSVC confirms current exploitation status as none.
A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata.
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.
Authorization bypass in Capgo (cap-go before 12.128.2) allows holders of org-limited API keys to read membership data from organizations outside their assigned scope by calling the GET /organization/members endpoint without proper enforcement of limited_to_orgs restrictions. Exposed fields include uid, email, image_url, role, and is_tmp - sufficient to enumerate organization membership and email addresses across tenants. No public exploit identified at time of analysis; CVSS 4.0 scores this at 5.3 reflecting a low-privilege, network-accessible attack with limited confidentiality impact.
Unauthenticated remote attackers can read, insert, and delete stored app icons in Capgo (all versions before 12.128.2) due to a Supabase images bucket entirely lacking row-level security (RLS) controls. Exploitation leaks sensitive app IDs and user IDs embedded in bucket metadata, and enables full icon deletion causing visual degradation of hosted applications. No public exploit code has been identified at time of analysis, and a vendor-released patch is available in version 12.128.2.
Authenticated session hijacking via IDOR in Kanboard through 1.2.52 allows any low-privilege user to mass-invalidate the persistent 'Remember Me' sessions of arbitrary users, including administrators, by enumerating sequential integer session IDs against the unguarded `removeSession` endpoint. The root-cause fix - scoping `RememberMeSessionModel::remove()` to the requesting user's own `user_id` - is confirmed in commit 928c68a via PR #5831. A publicly available proof-of-concept exists on GitHub (issue #5829); this vulnerability is not currently listed in the CISA KEV catalog, though the trivially low exploitation barrier warrants prompt patching.
Broken access control in NewsBlur before 14.5.0 exposes any authenticated user's private social notification feed - follows, replies, and social activity - to any other authenticated user. The GET /social/interactions endpoint accepts an arbitrary user_id parameter and returns that user's MInteraction records without verifying the requesting session owns the account, a classic CWE-639 IDOR. No public exploit code has been identified and this is not listed in CISA KEV, but the low attack complexity (any registered account suffices) makes the flaw trivially exploitable by any NewsBlur user against any other.
Authorization bypass in Seahub (the Seafile web frontend) before 13.0.23 lets a holder of a folder share-link token call GET /api/v2.1/share-link-zip-task/ without honoring the SHARE_LINK_LOGIN_REQUIRED policy, obtaining a fileserver zip token to download entire shared directory trees. Classified as CWE-862 (Missing Authorization) and reported by VulnCheck with a vendor patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS data was not provided in the input.
Cross-tenant access in Maxun (the open-source no-code web data extraction/scraping platform) before 0.0.42 allows any authenticated user to read, modify, delete, or run other tenants' robots and to exfiltrate their plaintext Google and Airtable OAuth access tokens by abusing storage and webhook API handlers that never check resource ownership. The flaw stems from API endpoints querying robots by ID alone (e.g. Robot.findAll() with no userId scope), so a low-privileged account on a shared/multi-tenant instance can pivot across the entire tenant base. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the upstream fix is committed and the trivial nature of an IDOR makes it readily reproducible.
Authentication bypass and privilege escalation in File Browser (versions 2.0.0-rc.1 and later) lets a remote unauthenticated attacker impersonate any account - including admin - by sending a single forged HTTP header when the server runs with proxy authentication (auth.method=proxy). The same flaw doubles as an unauthorized account-creation primitive, since supplying a non-existent username silently provisions a new user. Scored CVSS 9.1 (CWE-287); no public exploit identified at time of analysis, though the underlying behavior has been openly documented for years.
OAuth2/OIDC token forgery in OpenIdentity Platform's OpenAM Community Edition (through 16.0.6) lets an attacker mint OAuth2 bearer tokens and OIDC ID tokens with arbitrary subject (userName), clientID, realm, and scope by abusing the stateful token-read path's failure to namespace and type-check Core Token Store (CTS) rows. The flaw is an Authorization Bypass Through User-Controlled Key (CWE-639): any CTS row whose BLOB merely claims to be an OAuth token is trusted on read with no integrity check, so an attacker who can write attacker-controlled JSON to CTS under a known identifier can impersonate any user or client. No public exploit has been identified at time of analysis, and the issue is fixed in version 16.1.1; it does not by itself grant an OpenAM SSO session or admin-console access.
Certificate trust-chain bypass in wolfSSL allows attackers to have an attacker-controlled certificate accepted as valid, but only in builds compiled with --enable-opensslextra where the application calls the OpenSSL-compatibility X509_verify_cert() with caller-supplied untrusted intermediates. The verifier returned success based on the last verified link instead of confirming the chain reaches a configured trust anchor, so a chain deeper than the maximum path depth (default 100) is accepted without ever validating against a trusted root. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; native wolfSSL TLS/DTLS and the default WOLFSSL_VERIFY_PEER handshake are unaffected.
Arbitrary code execution in the pnpm package manager (versions prior to 10.34.2 and 11.5.3) lets a malicious repository hijack pnpm's automatic version-switching mechanism. By committing crafted package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml - including matching pnpm and @pnpm/exe versions plus package records and snapshots - an attacker bypasses fresh package-manager resolution and causes pnpm to install and execute attacker-selected bytes when a developer runs pnpm in the cloned repo. No public exploit identified at time of analysis; the high CVSS of 8.8 reflects full confidentiality, integrity, and availability impact, gated only by the user running pnpm against the poisoned repository.
Authorization bypass in Red Hat Build of Keycloak's UMA engine lets an authenticated user who holds a valid permission ticket for a single resource escalate access to all resources of the same type on the resource server by crafting a specific permission request prefix. The bypass is silently permitted when the resource server operates in PERMISSIVE enforcement mode with ownerManagedAccess enabled and no explicit type-level policy in place. No public exploit code exists and this CVE is not listed in CISA KEV at time of analysis, but the low attack complexity and network vector make this a credible internal-privilege escalation path in affected Keycloak deployments.
Privilege escalation in Keycloak (Red Hat Build of Keycloak) lets an authenticated delegated admin with management rights over a single low-privilege group hijack the entire realm. A missing authorization check in the Admin REST API's GroupResource.addChild() endpoint allows reparenting an arbitrary group; when Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker can move a privileged group (e.g., one holding realm-admin) under a group they control, inheriting management and password-reset rights over its members. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the resulting full realm takeover makes it a serious escalation primitive in environments that delegate group administration.
Authorization bypass in the Keycloak Policy Enforcer allows any authenticated user to circumvent all enforced access controls - role, scope, and User-Managed Access (UMA) permission checks - by embedding the configured access-denied page path inside a request URL as a path segment or query parameter. The affected component ships in the Red Hat Build of Keycloak, and successful exploitation grants unauthorized access to protected resources. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Cross-tenant credential decryption in ToolJet prior to 3.20.1780-lts allows any authenticated user to retrieve plaintext data-source secrets belonging to any other organization on the same instance. The POST /api/data-sources/decrypt endpoint omits the ValidateDataSourceGuard present on all neighboring routes and performs no organization-scoped lookup, meaning a valid session from any tenant is sufficient to exfiltrate database passwords, API keys, and other stored secrets across tenant boundaries. No public exploit has been identified at time of analysis, but the attack is mechanically trivial for any user with a valid account and knowledge of a target credential_id.
Incorrect authorization logic during room creation in Venueless permits authenticated low-privilege users to create room types they are not permitted to create. The CVSS 4.0 score of 2.3 reflects the narrow, integrity-only impact and significant attack preconditions - requiring authentication, high complexity, and specific prerequisites. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
API key scope bypass in Outline prior to 1.8.0 allows an authenticated attacker holding a limited-scope API key or OAuth token to perform actions on restricted endpoints by exploiting a URL fragment handling discrepancy. The `AuthenticationHelper.canAccess` function evaluates authorization against the fragment-appended URL path rather than the actual routed endpoint, enabling privilege escalation beyond the key's intended permissions. No public exploit code or active exploitation has been identified at time of analysis, but the low attack complexity (PR:L, AC:L) makes this straightforward to exploit for any valid API key holder.
LibreChat's POST /api/files/images endpoint lacks the authorization check that was correctly applied to the POST /api/files route in a prior patch, allowing any authenticated user to upload files into arbitrary agents' tool_resources (including context and execute_code environments) without ownership or EDIT permission verification. All LibreChat deployments prior to 0.8.4-rc1 are affected across any multi-user configuration. No active exploitation has been confirmed (not in CISA KEV), but the bypass is trivially exercisable by any valid session holder who knows a target agent ID.
Broken object-level authorization in LibreChat's message deletion endpoint allows any authenticated user to permanently delete messages belonging to other users. Affected are all LibreChat deployments prior to 0.8.4-rc1. By supplying their own valid conversationId for middleware validation while targeting a victim's messageId in the underlying MongoDB query, an attacker bypasses the per-user authorization check and irreversibly removes arbitrary messages. No public exploit or CISA KEV listing exists at time of analysis, but the flaw is straightforward to exploit once a valid messageId is obtained.
Authentication-bypass weakness in LibreChat before 0.8.4-rc1 lets an attacker who already holds a valid session silently regenerate all of a victim's two-factor backup codes via POST /api/auth/2fa/backup/regenerate, which never asks for a current TOTP token or an existing backup code. With fresh codes in hand, the attacker can bypass 2FA at login or turn 2FA off entirely, neutralizing the account's second factor. EPSS is low (0.15%, 5th percentile) and no active exploitation is recorded, but proof-of-concept exploitation is acknowledged in the SSVC framework.
Two-factor authentication takeover in LibreChat before 0.8.4-rc1 lets any authenticated user — or an attacker wielding a stolen session token — call the GET /api/auth/2fa/enable endpoint to silently overwrite an account's existing TOTP secret, regenerate backup codes, and flip twoFactorEnabled to false, all without TOTP or backup-code verification. The flaw destroys the victim's working second factor and can lock the legitimate owner out of their own 2FA. Publicly available exploit code exists (SSVC: PoC), but EPSS is low (0.18%, 8th percentile) and it is not listed in CISA KEV.
Credential interception in HYPR Passwordless on Windows (all versions before 11.1.1) is possible due to a missing authentication check on a critical internal function (CWE-306), allowing a low-privileged local attacker to capture authentication material during an active user session. The CVSS 4.0 vector's SC:H metric confirms the intercepted credentials are usable against downstream systems that HYPR protects, elevating the downstream blast radius beyond the compromised endpoint. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Unauthorized folder deletion in the K2 Extension for Joomla (versions 1.0 through 2.26) exposes a public-facing `item.checkin` task that accepts an unauthenticated `sigProFolder` query parameter and passes it directly to `JFolder::delete()` under `/media/k2/galleries/`, with no authorization check whatsoever (CWE-862). Any unauthenticated remote attacker can trigger deletion of gallery directories simply by crafting an HTTP request - no session, token, or credentials required. No public exploit code has been identified at time of analysis, though SSVC rates this as automatable with partial technical impact, meaning scripted bulk targeting of affected Joomla installations is straightforward.
Incorrect file permission assignment on Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units exposes password hashes stored in system files to unauthorized reading by privileged local users. An attacker who has already obtained privileged local access to the RTU can read these improperly protected files, extract credential hashes, and perform offline cracking to achieve account compromise. No public exploit code exists at time of analysis, and the vulnerability has not been listed in CISA KEV, but the high confidentiality impact on credential material in OT/ICS environments warrants attention.
Credential exposure in Schneider Electric EasyLogic T150 (formerly Saitel DR) and Saitel DP Remote Terminal Units & Controllers allows an unauthenticated attacker to recover credentials that are insufficiently protected within device firmware or system files (CWE-522). The recovered credentials can then be used to fully compromise the device when the attacker also has physical access. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; vendor advisory SEVD-2026-160-02 covers the affected OT products.
Protection mechanism bypass in Dell Display and Peripheral Manager for Mac (versions prior to 2.3) stems from improper certificate validation, allowing a low-privileged local user to defeat a security control the application relies on. Dell self-reported the issue and there is no public exploit identified at time of analysis; EPSS is very low (0.07%) and CISA SSVC marks exploitation status as 'none', though technical impact is rated 'total'. The flaw affects the macOS build of DDPM, a companion utility for Dell monitors and peripherals.
Improper access control in PPOM for WooCommerce (all versions through 33.0.18) enables unauthenticated remote attackers to bypass access controls and perform unauthorized operations affecting the integrity and availability of affected WooCommerce stores. Classified under CWE-284 and confirmed as an authentication bypass by Patchstack, the flaw exposes plugin-managed product option data to manipulation or disruption without requiring any credentials. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to CISA KEV.
Local privilege escalation to code execution affects Dell Display and Peripheral Manager (DDPM) for Windows in all versions prior to 2.3, where an Improper Access Control flaw (CWE-284) lets a low-privileged local user execute arbitrary code in a higher-privileged context. The CVSS 3.1 base score is 7.8 (High), reflecting full confidentiality, integrity, and availability impact from a local, low-privilege starting point with no user interaction. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Broken access control in the Royal MCP WordPress plugin (versions up to and including 1.4.25) lets authenticated low-privilege users reach functionality that should be restricted, due to a missing authorization check. With a CVSS of 8.1 and high confidentiality and integrity impact, an attacker holding even a basic account can read and alter data they should not be able to touch. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Broken access control in the Slim SEO WordPress plugin through version 4.6.2 allows authenticated users holding the Contributor role to bypass authorization checks and access restricted data, yielding a high confidentiality impact per CVSS C:H. The flaw is rooted in CWE-862 (Missing Authorization), meaning the plugin fails to verify whether the requesting user holds sufficient privileges before executing certain privileged actions. No public exploit code and no CISA KEV listing exist at time of analysis; however, low attack complexity and no required user interaction make this straightforward to exploit by any valid contributor-level account holder.
Broken Access Control in the UPI QR Code Payment Gateway for WooCommerce plugin (versions <= 1.6.2) allows authenticated low-privilege WordPress users to perform actions or access endpoints reserved for higher-privileged roles, resulting in unauthorized modification of payment data or disruption of payment processing. The flaw, rooted in missing authorization checks (CWE-862), was disclosed by Patchstack and affects sites running WooCommerce with this Knit Pay plugin installed. No public exploit code has been identified at time of analysis, and it has not been confirmed as actively exploited.
Unauthenticated IDOR in License Manager for WooCommerce (versions <= 3.0.15) allows remote, unauthenticated attackers to reference and manipulate arbitrary license records by supplying or iterating object identifiers in plugin requests, yielding integrity and availability impacts on license data. The CVSS vector (PR:N, AV:N, AC:L) confirms no authentication or special conditions are needed, making the attack trivially repeatable against any reachable WooCommerce store running the affected plugin. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog.
Missing authorization in the CheckView Automated Testing WordPress plugin (versions 2.1.0 and earlier) lets remote unauthenticated attackers reach functionality that should be access-controlled, enabling unauthorized modification of site data or test/automation state. The CVSS 3.1 vector (7.5, AV:N/AC:L/PR:N/UI:N) reflects a network-reachable, no-interaction flaw with high integrity impact but no confidentiality or availability loss. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Missing authorization in the Five Star Restaurant Reservations WordPress plugin (version 2.7.19 and earlier) lets remote unauthenticated attackers invoke protected plugin functionality and modify data without holding any account, per the CVSS PR:N vector. The flaw is a broken access control / missing capability check (CWE-862) reported by Patchstack, with a CVSS 3.1 base score of 7.5 driven entirely by integrity impact (C:N/I:H/A:N). No public exploit code or active exploitation has been identified at time of analysis.
Unauthorized data modification in the Motors car dealership and classified listings plugin for WordPress (versions <= 1.4.109) lets remote unauthenticated attackers invoke privileged actions they should not reach, due to a missing authorization check (CWE-862). The CVSS 3.1 vector (AV:N/PR:N/UI:N) confirms no authentication and no user interaction are required, with a high integrity impact but no confidentiality or availability impact. There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Broken access control in the MainWP Child WordPress plugin (versions 6.1.1 and earlier) allows remote attackers to invoke privileged actions without proper authorization checks (CWE-862). Because the flaw is reachable without authentication (PR:N) it can be triggered by external attackers, though exploitation depends on tricking a user into an action (UI:R) and on overcoming non-trivial conditions (AC:H). There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Sensitive data exposure in Elementor Website Builder for WordPress (versions <= 4.1.3) allows contributor-level authenticated users to access protected information due to missing authorization checks (CWE-862). The vulnerability stems from insufficient capability verification before exposing sensitive data to lower-privileged roles, enabling a contributor to retrieve data they should not have access to. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and high confidentiality impact make this a meaningful risk on any site with untrusted contributor accounts.
DNSSEC validation in PowerDNS Recursor can be silently undermined by network-positioned attackers who spoof DNS replies to trick the Recursor into permanently marking a legitimate authoritative server's IP as EDNS-incapable. Once that state is poisoned, the Recursor is unable to perform proper DNSSEC validation for any zones served by that authoritative server, effectively disabling a critical security layer for downstream clients. No active exploitation has been confirmed by CISA KEV, and no public proof-of-concept has been identified at time of analysis; however, the attack complexity is rated High due to the spoofing prerequisite.
Use-after-free in the Linux kernel's Airoha (airoha_eth) network driver allows memory corruption when metadata dst objects are torn down while still referenced by in-flight receive skbs. The airoha_metadata_dst_free() routine called metadata_dst_free()/kfree() directly, bypassing the RCU grace period required by the noref dst pointers set via skb_dst_set_noref() in the RX path, so RCU readers could dereference freed memory. No public exploit identified at time of analysis, and EPSS is low (0.18%, 8th percentile); the issue is patched in current stable kernels.
Memory corruption (use-after-free) in the Linux kernel's MediaTek mtk_eth_soc Ethernet driver allows the metadata destination object to be freed via kfree() during driver teardown while the RX path may still hold a non-refcounted (noref) pointer to it from a live skb. Affects systems running the mtk_eth_soc driver (MediaTek SoC networking, common in routers/embedded devices) across multiple kernel branches; the fix routes the free through dst_release() so the RCU grace period is honored. No public exploit identified at time of analysis, EPSS is low (0.18%, 8th percentile), and it is not in CISA KEV - despite the input's nominal CVSS of 9.8.
Use-after-free in the Linux kernel's IBM EMAC Ethernet driver (drivers/net/ethernet/ibm/emac) lets in-flight packet processing touch hardware resources that have already been freed during device removal, because devm_register_netdev() deferred unregister_netdev() until after emac_remove() tore down the hardware. A local attacker who can trigger driver unbind/hot-removal while the interface handles traffic can corrupt kernel memory, potentially escalating to code execution or crashing the system. This is a fixed regression window on IBM PowerPC EMAC hardware; no public exploit identified at time of analysis and EPSS risk is low (0.18%, 7th percentile).
Local privilege/memory-integrity exposure in the Linux kernel's drm/xe Intel GPU driver stems from a missed TLB invalidation: a previously merged optimization that skipped GuC scheduler suspend toggling when an exec queue was idle has been reverted because it bypassed the context switch that flushes TLB entries for invalidated userptr VMAs. On Intel Xe GPUs running in long-running (LR)/preempt-fence VM mode, this leaves stale TLB mappings to invalidated user pointers, producing page faults and stale-memory access during userptr invalidation. There is no public exploit identified at time of analysis and EPSS is low (0.17%, 7th percentile); the fix is the revert commit itself, restoring unconditional schedule toggling on suspend.
Zone-transfer authentication bypass in NLnet Labs NSD allows unauthorized secondaries to obtain full zone contents without presenting the required TLS client certificate. Although a provide-xfr rule specifies a tls-auth-name (mandating client-certificate authentication), NSD only enforces this on the dedicated tls-auth-port; requests arriving over plain TCP on the regular port or over TLS on the regular tls-port are served when the remaining provide-xfr conditions match, defeating mutual-TLS access control. Reported by NLnet Labs with CVSS 4.0 8.2; no public exploit identified at time of analysis and not listed in CISA KEV.
Incorrect authorization in GitLab CE/EE allows authenticated users holding developer-role permissions to bypass Maven package protection rules and overwrite protected package metadata. All GitLab versions from 17.11 through 18.11.5, 19.0.0 through 19.0.2, and 19.1.0 are affected, with patched releases available across all three trains. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; real-world impact is scoped to organizations that have explicitly configured Maven package protection rules and host untrusted developer-role users.
Incorrect authorization in GitLab CE/EE's group packages feature exposes package metadata from projects where the Package Registry has been explicitly disabled, allowing any authenticated Reporter-level group member to enumerate package names, versions, and publish timestamps that project owners intended to restrict. The flaw spans a very wide version range - all 13.6+ releases up to the newly-issued fixes in 18.11.6, 19.0.3, and 19.1.1 - meaning a large proportion of self-hosted GitLab deployments are affected. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Authorization bypass in GitLab Enterprise Edition's virtual registry cleanup policy feature allows authenticated users to read or modify cleanup policy settings belonging to groups they do not own. Affected versions span all GitLab EE releases from 18.6 through 18.11.5, 19.0 through 19.0.2, and 19.1.0. Exploitation requires a valid GitLab EE account but no elevated privileges; no public exploit code exists and this is not in CISA KEV at time of analysis.
Insufficient authorization checks in GitLab Enterprise Edition expose project information to authenticated users with limited permissions under specific, undisclosed conditions. Affecting all EE releases from 18.6 up to (but not including) 18.11.6, 19.0.3, and 19.1.1, this CWE-862 flaw allows a low-privileged authenticated attacker to read project data they should not have access to. No public exploit code exists and no active exploitation has been confirmed; the high attack complexity (AC:H) and requirement for an authenticated session substantially limit real-world risk.
Confidential issue references in GitLab CE/EE public projects are exposed to unauthenticated users due to missing authorization checks (CWE-862). Affecting all GitLab versions from 17.5 through 18.11.5, 19.0.0-19.0.2, and 19.1.0, this flaw enables any unauthenticated remote attacker to retrieve references to confidential issues on public projects - potentially revealing issue IDs, titles, or internal metadata that project owners explicitly restricted. No public exploit code or CISA KEV listing exists at time of analysis; however, the unauthenticated, low-complexity network vector makes this trivially automatable for reconnaissance against large GitLab installations.
Incorrect authorization in GitLab Enterprise Edition's DAST site profile management exposes stored secrets to users with the Developer role under certain conditions. Affecting all GitLab EE releases from 13.11 through the recently patched 18.11.6, 19.0.3, and 19.1.1, the flaw allows a lower-privileged authenticated user to read secrets - such as authentication credentials or API tokens - embedded in DAST site profiles they should not have access to. No public exploit code or CISA KEV listing has been identified at time of analysis, and the high attack complexity (AC:H) implies specific conditions must align for exploitation to succeed.
Protected environment configuration bypass in GitLab Enterprise Edition exposes CI/CD deployment gates to authenticated users holding custom role permissions, even when CI/CD visibility is explicitly disabled for the project. Affecting all EE versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1, this CWE-863 (Incorrect Authorization) flaw allows such users to view, create, or delete protected environment rules that should be inaccessible. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Authentication bypass via cross-site scripting in Quest NetVault Backup's addclient3 webpage allows remote attackers to inject arbitrary script that executes in a victim's authenticated session, bypassing access controls. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-369, formerly ZDI-CAN-27666), the flaw requires user interaction - the target must visit a malicious page or open a malicious file - and can be chained with other weaknesses to achieve code execution in the SYSTEM context. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, though the high CVSS of 8.8 reflects the serious downstream RCE potential.
Authentication bypass via cross-site scripting in the Quest NetVault Backup viewclient web interface lets remote attackers inject arbitrary script that, when a victim visits a malicious page or opens a malicious file, runs in the application context and circumvents authentication. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-377, ZDI-CAN-28202), the flaw can be chained with additional vulnerabilities to achieve code execution as SYSTEM. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 8.8 rating reflects the high impact of the auth-bypass-plus-RCE chain.
Rocket.Chat's Omnichannel visitors.info API endpoint exposes visitor session tokens in response payloads, enabling a privileged caller to capture and reuse those tokens for authentication bypass against LiveChat visitor identities. Affected deployments span multiple 7.x and 8.x release branches, with vendor-confirmed fixes across seven patch releases. No public exploit code and no CISA KEV listing exist at time of analysis; however, the CWE-285 (Improper Authorization) classification and 'Authentication Bypass' tag confirm meaningful post-exploitation potential for session impersonation.
{"$gt": ""} matches the first unexpired credential-token document, yielding a full Meteor auth token bound to a legitimate victim - and full instance compromise if that victim is an administrator. No public exploit identified at time of analysis, but the CVSS 9.1 rating and trivial exploitability make this a high-priority patch.
Session-destruction denial of service in Rocket.Chat's SAML single logout allows an unauthenticated remote attacker to forcibly log out any SAML-authenticated user by submitting a forged, unsigned LogoutRequest to the SP logout endpoint. Because the integration never validates the SAML signature, an attacker who knows only a victim's NameID - typically their email address, as exposed by Okta, Google Workspace, Microsoft Entra ID, and JumpCloud - can repeatedly destroy sessions and script the attack across many accounts to render the instance unusable. No public exploit identified at time of analysis; the CVSS 4.0 base score is 8.7 (availability-only impact), and fixes are available across all maintained release branches.
Authentication bypass in FOSSBilling 0.7.2 and earlier lets remote unauthenticated attackers create a fully privileged administrator account through the guest bootstrap endpoint /api/guest/staff/create, which fails to lock after the first admin exists. Because the account can immediately authenticate, this yields complete takeover of the billing and client-management platform. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial network-based exploitation (CVSS 4.0 9.3) makes it a serious exposure for any internet-facing instance.
KubeVirt's virt-handler domain notify server allows a compromised virt-launcher process to forge lifecycle events for any other VMI scheduled on the same Kubernetes node, causing virt-handler to corrupt that VMI's state and disrupt its lifecycle management. The root cause is that gRPC handlers for HandleDomainEvent and HandleK8SEvent accept VMI namespace/name exclusively from the request body, never cross-checking against the per-VMI pipe socket the connection arrived on. With CVSS 6.5 (AV:L/S:C), the attack requires local access via a compromised container but can impact multiple VMIs across tenants on the same node; no public exploit code or CISA KEV listing has been identified at time of analysis.
SiYuan's personal knowledge management system prior to 3.7.0 exposes all user note content to unauthenticated database exfiltration through a deliberately auth-excluded API endpoint. The `/api/icon/getDynamicIcon` endpoint, when invoked with `type=8` and a valid block ID, renders a Go template that executes arbitrary SELECT queries against SiYuan's SQLite backend via `querySQL` and `queryBlocks` functions - functions designed for note querying but reachable without any credential check. An attacker with network adjacency who possesses a valid block ID can read the entire database: note content, tags, asset references, and block attributes. No public exploit or CISA KEV listing has been identified at time of analysis; the AC:H rating reflects the block ID prerequisite. A fix is available in version 3.7.0.
{"setDeploymentAs": "new-workspace"}. The endpoint correctly requires authentication but performs no role/permission check (CWE-862), so the action wipes cloud credentials, removes the workspace license, and breaks push notifications for all users until manual re-registration. No public exploit identified at time of analysis; the issue is a denial-of-service / integrity flaw rather than data theft (CVSS C:N, I:H, A:H = 8.1).
Authentication bypass in Rocket.Chat's Apple Sign-In handler allows attackers to impersonate any user by replaying a captured Apple identity token. The handler verifies the JWT signature but skips validation of the aud, exp, nbf, and nonce claims, so any Apple-signed token with a non-empty iss is accepted indefinitely with no replay-window expiry. Affected versions are those prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13; no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Authentication bypass leading to account takeover in Rocket.Chat affects the Apple Sign-In OAuth flow prior to versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13. The handleIdentityToken function in the Apple login handler falls back to trusting an attacker-supplied email value when the Apple-issued JWT omits an email claim, so a remote unauthenticated attacker can forge an email-less Apple JWT and log in as any victim by their email address. No public exploit is identified at time of analysis, but the CVSS 4.0 base score of 9.3 (critical) and trivial exploitation conditions make this a high priority for any instance with Apple login enabled.
Private repository metadata in Gogs 0.14.3 and earlier leaks to any authenticated user due to a boolean inversion in the Watch API access control check. An authenticated attacker who watches a private repository they are not authorized to view will receive commit messages, branch names, issue titles, and PR details via their dashboard activity feed - and full issue and comment content via email if notifications are enabled. No public exploit has been identified at time of analysis, though the single-line boolean fix published in the upstream commit makes the flaw trivial to reproduce by any authenticated user who reads the commit diff.
Signature bypass in Mastodon's ActivityPub federation layer allows remote unauthenticated attackers to falsely attribute article authorship by manipulating the `toot:attributionDomains` property of signed Update activities. Affected are all Mastodon instances running versions 4.3.0 through 4.5.10 or 4.4.x through 4.4.17, where a JSON-LD definition error renders Linked Data Signatures on this specific property non-binding. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the low attack complexity (CVSS AV:N/AC:L/PR:N) and the federated, internet-exposed nature of the protocol make exploitation straightforward for any actor able to send ActivityPub messages.
Missing authentication in the Aclara Metrum Cellular Web Interface (a Hubbell/Aclara cellular communications module used in utility smart-grid metering) lets remote attackers reach critical system functions without any credentials. Per the CVSS:4.0 vector (PR:N/UI:N) an unauthenticated network attacker can read and modify operational configuration and force device restarts, and repeated restarts can sever device communications - a pure availability impact (VA:H, no confidentiality or integrity loss). There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV; EPSS data was not provided.
Insecure direct object reference (IDOR) in FOSSBilling's Servicecustom Client API (versions 0.7.2 and prior) lets any authenticated client retrieve another client's custom service records by supplying a guessed sequential order_id, because the __call method fetches the order without an ownership check. The exposed data includes other clients' PII (name, email, phone, address, company details, VAT number) and service configuration, making this a cross-tenant confidentiality breach. No public exploit identified at time of analysis, and the issue is resolved in version 0.8.0.
Cross-workspace data disclosure in Twenty CRM before 2.9.0 lets any authenticated user holding the AI settings flag (a workspace owner by default) read another tenant's AI agent chat history and trigger LLM evaluations against the victim's data on the same instance. By supplying a victim's agentId or turnId to the agentTurns query or evaluateAgentTurn mutation, an attacker retrieves raw chat text, tool calls, and tool outputs that belong to a different workspace. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Site isolation bypass in Google Chrome's Passwords implementation allows a remote attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.197 on desktop platforms. Google has confirmed this as a High severity Chromium issue; no public exploit code or active exploitation has been identified at time of analysis, and CISA SSVC categorizes exploitation status as none.
Site isolation bypass in Google Chrome's Navigation component allows an attacker who has already compromised the renderer process to escape Chrome's cross-origin containment boundary via a crafted HTML page, affecting all Chrome versions prior to 149.0.7827.197. The vulnerability stems from insufficient input validation (CWE-20) in the Navigation subsystem, which fails to properly enforce site isolation when navigations are initiated from a compromised renderer. No public exploit code has been identified and CISA SSVC confirms no known active exploitation at time of analysis, though the prerequisite of renderer compromise makes this a meaningful second-stage escalation primitive.
Same-origin policy bypass in Google Chrome's DeviceBoundSessionCredentials (DBSC) feature affects all Chrome versions prior to 149.0.7827.197, allowing a remote attacker to read limited cross-origin data via a crafted HTML page. The flaw stems from incorrect origin validation (CWE-346) in the DBSC implementation, a relatively new anti-session-hijacking subsystem. SSVC assessment confirms no exploitation at time of analysis, and no public exploit code has been identified; the CVSS score of 4.3 Medium reflects meaningful but bounded confidentiality impact contingent on user interaction.
Authentication bypass in Apache Shiro affects deployments using the shiro-guice module in a web servlet context, where a specially crafted HTTP request can evade path-based access controls and reach protected resources without valid credentials. It mirrors the older shiro-spring flaw CVE-2020-1957 but targets the Guice integration instead, impacting all Shiro releases through 2.x and 3.0.0-alpha-1. No public exploit identified at time of analysis, though the CVSS 4.0 base score of 8.2 reflects high confidentiality impact and the close analogy to a previously exploited bug class.
Server-side request forgery (SSRF) filter bypass in Ghost CMS 6.0.9 through 6.21.0 allows remote unauthenticated attackers to direct the application to reach internal network services by supplying IPv6 literals that map to private IPv4 addresses, circumventing Ghost's outbound IP blocklist. The root cause is CWE-184 (Incomplete List of Disallowed Inputs): the filter validates against RFC 1918 private ranges but does not normalize IPv6-mapped IPv4 notation before comparison. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists; Ghost 6.21.1 resolves the issue.
DNS rebinding bypasses Ghost CMS's private-IP validation for outbound HTTP requests, enabling server-side request forgery (SSRF) against internal network resources. Versions 6.0.9 through 6.21.0 are affected; the root cause is a TOCTOU race (CWE-367) between Ghost's allowlist check and the actual TCP connection, which a DNS-rebinding attacker exploits by switching DNS records between check-time and connect-time. No public exploit code identified and not listed in CISA KEV, but the scope-changed CVSS rating (S:C) reflects that successful exploitation escapes Ghost's network boundary into adjacent internal infrastructure.
Improper authorization in OpenAM Community Edition's Liberty ID-WSF SOAP receiver lets an unauthenticated remote attacker write persistent entries into the Liberty Discovery store on any user's LDAP entry and into a shared root-realm Discovery branch, with the writes executed server-side under elevated internal privileges (the global path explicitly uses the internal admin token). All Open Identity Platform OpenAM Community Edition releases through 16.0.6 that expose the Liberty Web Services component are affected; the issue is fixed in 16.1.1. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the affected code ships in default configuration.
Command-execution permission bypass in Warp's default unsandboxed CLI agent profile (versions 0.2025.10.08.08.12.stable_00 through the fix in 0.2026.05.06.15.42.stable_01) lets denylisted, confirmation-required commands auto-execute. Because the non-interactive CLI agent matched command strings against its denylist before stripping leading environment-variable assignments, an attacker able to influence the agent's emitted command output (e.g., via prompt injection) can prefix a blocked command such as 'rm' with 'X=1' to evade the safety boundary. No public exploit is identified at time of analysis, and it is not listed in CISA KEV.
{} blocks that fire unconditionally - even when the preceding ownership-checked read fails - scoping deletion only by raw primary key with no userId or workspaceId constraint. Versions 1.11.1 through 1.14.0 are affected; no public exploit or CISA KEV listing identified at time of analysis, though the fix commit confirms the root cause and makes exploitation trivially reproducible.
Cross-domain cookie injection in curl (versions 7.46.0 through 8.20.0) lets a malicious or compromised HTTP server set 'super cookies' that bypass the Public Suffix List (PSL) safeguard, causing curl to scope attacker-supplied cookies to unrelated third-party domains and transmit them on later requests. Rated CVSS 9.1 and tagged as an authentication bypass, the flaw undermines cookie origin isolation, but EPSS is low at 0.22% (12th percentile), there is no CISA KEV listing, and no public exploit was identified at time of analysis. A patched release is available from the curl project.
SSH host-key verification bypass in curl/libcurl (versions through 8.20.0) lets a network man-in-the-middle silently impersonate an SFTP/SCP server when a user invokes curl with a schemeless URL plus '--proto-default sftp' (or scp). In this specific invocation the command-line tool layer misidentifies the scheme and skips setting CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS, while libcurl still honors CURLOPT_DEFAULT_PROTOCOL and completes the connection, so curl connects to an unverified host without any error. Tagged an Authentication Bypass; EPSS is low (0.21%, 11th percentile) and no public exploit was identified at time of analysis.
Unauthenticated account self-registration in MailerUp before 1.0.1 lets any remote attacker POST to /api/auth/register/ and obtain a working account, even on instances where operators intended registration to be closed, because the RegisterView is wired with Django REST Framework's AllowAny permission and enforces no email verification, CAPTCHA, or admin approval. Once registered, the attacker can read every email stored by the instance, yielding full disclosure of all stored messages. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch (1.0.1) removes the public registration endpoint entirely.
Unauthorized configuration modification in OpenText Access Manager before 5.1.3 allows a remote unauthenticated attacker to alter system configuration via API calls that lack proper authorization enforcement, classified under CWE-648 (Incorrect Use of Privileged APIs). Affected deployments expose privileged API endpoints without adequate access control, enabling integrity impact across both the vulnerable system and subsequent systems relying on it for identity and access decisions. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Directory ACL bypass in ProFTPD (through 1.3.9b and 1.3.10rc2) lets authenticated FTP users reach files inside DenyAll-protected directories by prefixing paths with /proc/self/root in the RNFR (rename-from) command. Because the CVSS 4.0 vector specifies PR:L, exploitation requires a valid low-privilege FTP account, after which an attacker can rename and then retrieve files that configured Directory ACLs were meant to protect. There is no public exploit identified at time of analysis and no KEV listing, but the VulnCheck-assessed CVSS of 8.6 reflects the strong confidentiality and integrity impact on file-access controls.
A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Assembla Plugin 1.4 and earlier exposes a connection-test endpoint without adequate permission enforcement, allowing any Jenkins user holding only Overall/Read permission to trigger outbound HTTP connections to an arbitrary attacker-controlled URL with attacker-supplied credentials. This enables both a limited Server-Side Request Forgery (SSRF) vector for internal network probing and credential interception on the attacker's endpoint. No public exploit code or active exploitation has been identified at time of analysis; SSVC assessment confirms exploitation status as none.
A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.
Missing authorization checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow any authenticated Jenkins user with the low-privilege Overall/Read permission to enumerate the names of configured Contrast metadata via a network-accessible endpoint. The vulnerability is classified CWE-862 (Missing Authorization) and has an EPSS score of 0.15% (4th percentile), indicating negligible real-world exploitation activity. No public exploit code and no CISA KEV listing have been identified, making this a low-urgency but real information-disclosure concern for multi-tenant Jenkins environments with untrusted users.
Missing authorization in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier permits any authenticated Jenkins user holding the minimal Overall/Read permission to invoke a connection test endpoint with fully attacker-controlled URL, username, API key, and service key. This enables the Jenkins server to make arbitrary outbound HTTP connections - a Server-Side Request Forgery (SSRF)-class impact - without the elevated privileges that should guard such functionality. No public exploit has been identified at time of analysis and EPSS sits at the 4th percentile, indicating low current exploitation probability despite network reachability.
Missing permission check in Jenkins EC2 Fleet Plugin versions up to 4.2.3.539.v8fedff2a_81c3 enables any authenticated user holding the low-privilege Overall/Read role to trigger a credential-capture attack by directing the plugin to connect to an attacker-controlled endpoint and transmitting AWS credentials stored in Jenkins. The attacker must independently obtain a valid credential ID before exploiting this flaw, making it a chained attack rather than a direct standalone exploit. No public exploit code has been identified at time of analysis and CISA has not added this to the KEV catalog; SSVC rates exploitation status as none.
Credential ID enumeration in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows authenticated attackers holding only global Item/Configure permission to bypass the intended per-job permission boundary and list credential IDs stored in Jenkins. The root cause is an incorrect permission check (CWE-862) that conflates global and job-scoped authorization, leaking credential identifiers without requiring job-level rights. No public exploit code exists and SSVC rates exploitation status as none; however, enumerated credential IDs can serve as reconnaissance for chained attacks targeting those credentials.
Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow any authenticated user holding the minimal Overall/Read Jenkins role to trigger outbound connections from the Jenkins controller to an attacker-specified URL using credential IDs sourced through a secondary method. This creates an SSRF-like primitive enabling internal network probing and credential ID validation without administrative access. No public exploit code has been identified at time of analysis, and SSVC confirms current exploitation status as none.
A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata.
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.
Authorization bypass in Capgo (cap-go before 12.128.2) allows holders of org-limited API keys to read membership data from organizations outside their assigned scope by calling the GET /organization/members endpoint without proper enforcement of limited_to_orgs restrictions. Exposed fields include uid, email, image_url, role, and is_tmp - sufficient to enumerate organization membership and email addresses across tenants. No public exploit identified at time of analysis; CVSS 4.0 scores this at 5.3 reflecting a low-privilege, network-accessible attack with limited confidentiality impact.
Unauthenticated remote attackers can read, insert, and delete stored app icons in Capgo (all versions before 12.128.2) due to a Supabase images bucket entirely lacking row-level security (RLS) controls. Exploitation leaks sensitive app IDs and user IDs embedded in bucket metadata, and enables full icon deletion causing visual degradation of hosted applications. No public exploit code has been identified at time of analysis, and a vendor-released patch is available in version 12.128.2.