Authentication Bypass
Monthly
Unauthorized credential disclosure in the Naxclow IoT platform API (affecting Smart Doorbell X3, X Smart Home, V720, and Ix Cam) allows any actor who can produce a platform-valid request signature to retrieve the persistent relay-registration credentials of arbitrary devices. Reported via CISA ICS-CERT (ICSA-26-162-02), the flaw enables an attacker to impersonate a victim device on the relay and intercept or disrupt its traffic; no public exploit identified at time of analysis.
Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attackers to forge OIDC identity tokens and obtain fully authenticated technician sessions, because the server accepts ID tokens without verifying their cryptographic signature. Publicly available exploit code exists and the flaw can also bypass MFA in some configurations, making vulnerable remote-support deployments a high-priority target despite no current CISA KEV listing.
Denial of service in Capgo Console versions prior to 12.28.2 allows an authenticated attacker to lock legitimate users out of authentication and onboarding flows by triggering account deletion while a device identifier is bound to the active session. The platform incorrectly persists the deletion state against the device identifier rather than the account, causing the affected browser or device to be redirected to an account-disabled page for roughly 30 days. No public exploit identified at time of analysis, but a vendor patch and GHSA advisory (GHSA-qmrm-qgwr-55jf) have been published following disclosure by VulnCheck.
Privilege escalation in Mattermost server (11.6.x, 11.5.x, and 10.11.x branches) allows a low-privileged user holding group-link permissions to promote themselves or other group members to team or channel administrator by setting the scheme_admin flag through group syncable link and patch API endpoints. The flaw stems from missing role-management authorization checks, and with a CVSS of 8.8 (network, low complexity, low privileges) it enables tenant-wide takeover of collaboration workspaces; no public exploit identified at time of analysis.
Mattermost's team creation API endpoint (POST /api/v4/teams) fails to enforce the PermissionInviteUser authorization check, allowing authenticated users holding only PermissionCreateTeam to configure invite-controlled team settings - including making a team publicly joinable via open invite and restricting membership by allowed domains - that they are explicitly prohibited from setting on existing teams. Affected versions span the 10.11.x, 11.5.x, and 11.6.x release trains up to their respective latest builds. No public exploit identified at time of analysis, and the flaw has not been listed in CISA KEV.
Privilege escalation in Mattermost collaboration platform allows authenticated users holding delegated user-management permissions to modify built-in system role permissions via the role patch API, bypassing a required system-level permission check. Affects Mattermost 10.11.x through 10.11.16, 11.5.x through 11.5.4, and 11.6.x through 11.6.1. No public exploit identified at time of analysis; EPSS is very low (0.03%) and the SSVC framework reports no observed exploitation.
Account takeover in Cap-go (Capgo) versions prior to 12.128.2 allows an attacker holding a temporary authenticated session to change the account's registered email address without re-authentication (no password or MFA prompt), then trigger a password reset to attacker-controlled inbox and seize the account. The flaw, reported by VulnCheck and tracked as a missing-authentication weakness (CWE-306), has a vendor patch but no public exploit identified at time of analysis.
Authorization bypass in ChromaDB's Python implementation lets authenticated tenants reach data outside their authorization boundary by invoking the V1 collection-level REST endpoints, which forward None as both the tenant and database identifiers to the authorization layer. The flaw, disclosed by HiddenLayer, exposes high-impact reads and writes to cross-tenant collections in this Python vector database. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
CRLF injection in SwiftNIO's outbound HTTP/1.1 start line handling enables HTTP request smuggling and HTTP response splitting in applications built on swift-nio 2.0.0 through 2.99.0. The validators NIOHTTPRequestHeadersValidator and NIOHTTPResponseHeadersValidator enforce header field name and value correctness but leave the request URI, HTTP method, and response reason phrase unvalidated, allowing CR/LF sequences to be injected by any attacker who controls those fields. Successful exploitation can smuggle arbitrary HTTP requests past intermediaries, bypass WAF rules, or poison shared web caches. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, exploitation in vulnerable proxy deployments is described as low-effort by the advisory authors.
{"$gt": ""}`) to be interpreted as query logic rather than literal values. No public exploit is independently catalogued (KEV not listed), but a proof-of-concept TypeScript payload is included in the vendor advisory, and EPSS sits at 0.03% (8th percentile), indicating low observed exploitation activity at time of analysis.
Authorization bypass in jpillora/chisel through version 1.11.4 allows any authenticated client to tunnel TCP traffic to arbitrary host:port destinations reachable from the chisel server, completely defeating the --authfile ACL. The server enforces remote-address restrictions only during the initial config handshake but never re-validates the destination encoded in SSH channel ExtraData, so a client that authenticates with a permitted remote can immediately open channels to any address. Publicly available exploit code exists (full PoC published in the GHSA advisory), though EPSS is low at 0.02% and the issue is not in CISA KEV.
Cross-tenant authorization bypass in ChromaDB's SimpleRBACAuthorizationProvider (versions 0.5.0 and later) allows authenticated users to perform actions against tenants, databases, and collections they do not own. The provider verifies that a user holds a given permission but never validates the scope of that permission against the target resource, enabling lateral movement across multi-tenant deployments. No public exploit identified at time of analysis, but the flaw was disclosed by HiddenLayer and affects any Chroma deployment relying on the built-in RBAC provider for tenant isolation.
Open redirect / OAuth redirect_uri validation bypass in the Aqara Cloud OAuth authorization endpoint (open-cn.aqara.com/oauth/authorize) allows remote attackers to coerce the IdP into redirecting authorization responses to attacker-controlled hosts due to lax domain-matching logic. With user interaction the flaw can be abused to steal OAuth authorization codes or tokens issued to legitimate Aqara client applications, enabling account takeover of Aqara smart-home accounts. No public exploit identified at time of analysis, though a referenced GitHub repository (xn0tsa/theres-no-place-like-home) and the runZero advisory describe the issue publicly.
Unauthenticated cryptographic oracle exposure in the Aqara IAM/SSO gateway (gw-builder.aqara.com) lets remote attackers submit data for bidirectional AES encrypt/decrypt operations performed with the platform's signing key, with no authentication required. Because the same key that signs SSO tokens can be exercised as an oracle, an attacker can recover protected material and potentially forge or manipulate signed authentication tokens (tagged Authentication Bypass). Publicly available exploit code exists (SSVC exploitation=poc) and CISA's SSVC rates it automatable with total technical impact, though EPSS remains very low at 0.06%.
Missing authentication in the Aqara Board service (op-test.aqara.com) lets remote, unauthenticated attackers submit arbitrary MQTT command payloads that the exposed debug/test API relays to the platform's HiveMQ broker without any credential check. Publicly available proof-of-concept exploit code exists (SSVC: poc), and while EPSS is low (0.06%), runZero documents this as one link in a chain (CVE-2026-50082 through -50085) that together enables a fully unauthenticated remote takeover of affected devices. It is not listed in CISA KEV, so active exploitation in the wild is not confirmed.
Broken authorization in the Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) allows any valid developer token to operate against arbitrary user accounts, breaking tenant isolation across the platform. Discovered and disclosed by runZero, the issue stems from missing authorization checks (CWE-862) and, when chained with CVE-2026-50082/50083/50085, enables fully unauthenticated remote takeover of affected smart-home devices. No public exploit identified at time of analysis, though a related researcher repository is referenced in the advisory.
Authentication bypass in the Aqara IAM/SSO Gateway (gw-builder.aqara.com) stems from a hardcoded OAuth client credential shipped in the identity backend, letting remote attackers impersonate a trusted OAuth client and subvert the single sign-on trust boundary. Discovered by runZero and tracked as EUVD-2026-36473, it carries a critical CVSS of 9.8 and a proof-of-concept is publicly available, though EPSS (0.03%) shows no evidence of widespread automated exploitation. On its own it compromises the SSO/authorization layer, but chained with CVE-2026-50082, CVE-2026-50084, and CVE-2026-50085 it enables a fully unauthenticated remote takeover of affected devices.
Unauthenticated developer token issuance in the Aqara Cloud Developer Portal (developer.aqara.com) allows any remote attacker to obtain a valid API token by supplying an arbitrary email address, with no ownership verification performed. This is the entry point of a documented four-CVE attack chain (CVE-2026-50082 through CVE-2026-50085) that, when exploited in sequence, enables full takeover of Aqara smart home devices belonging to the victim account. A public proof-of-concept exists on GitHub; no public exploit identified at time of analysis for active exploitation, but the zero-prerequisite nature of this flaw makes it trivially automatable.
Cross-tenant data access in the ChromaDB Rust implementation (version 1.0.0 and later) lets any authenticated tenant user read, write, update, or delete data inside collections owned by other tenants because the server does not validate that the caller's tenant matches the target resource. The flaw, reported by HiddenLayer and tracked as CWE-639, breaks the tenant isolation boundary that multi-tenant ChromaDB deployments rely on, and no public exploit identified at time of analysis.
Cross-tenant data access in ChromaDB Python project version 0.4.17 and later allows any authenticated user to read, write, update, or delete data in collections belonging to other tenants, breaking the tenant isolation boundary that multi-tenant deployments rely on. The flaw, reported by HiddenLayer and tracked under CWE-639, carries a CVSS 4.0 score of 8.8 reflecting high confidentiality and integrity impact on both the vulnerable system and downstream tenants. No public exploit identified at time of analysis and not listed in CISA KEV.
Missing authorization checks on multiple Frappe framework endpoints allow remote unauthenticated attackers to access and modify resources without permission. All Frappe installations on the 15.x branch prior to 15.107.0 and the 16.x branch prior to 16.17.0 are affected. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% reflects minimal current exploitation activity, though the attack requires no credentials or special preconditions.
Improper access control in Frappe Framework (all versions prior to 16.17.4) allows any authenticated user to retrieve private files by guessing their server-side file path, bypassing intended authorization restrictions. The flaw is classified under CWE-284 (Improper Access Control) and affects the file-serving layer of the framework, which underlies widely deployed applications such as ERPNext. No public exploit code has been identified at time of analysis, and exploitation probability is very low per EPSS (0.02%, 7th percentile), though the low attack complexity makes it straightforward for any credentialed user to attempt.
Improper access control in Frappe prior to 16.17.4 permits any authenticated user to modify any field in any Onboarding Step record, bypassing expected privilege restrictions. Affected deployments running versions below 16.17.4 expose their onboarding configuration data to unauthorized tampering by low-privileged users. EPSS is extremely low (0.02%, 5th percentile), no public exploit code has been identified, and the vulnerability is not listed in CISA KEV, suggesting no observed active exploitation at time of analysis.
Missing authorization in Frappe allows any authenticated low-privileged user to invoke the onboarding reset function and wipe onboarding state for all users system-wide, affecting all releases before 15.107.2 and 16.17.4. The CWE-862 root cause indicates the reset endpoint performs no role or privilege check before executing a privileged, system-wide operation. No public exploit code exists and EPSS sits at 0.02% (5th percentile), placing real-world exploitation risk at the lower end despite the disruptive potential of forcing every user through onboarding flows on next login.
Insecure Direct Object Reference (IDOR) in the Frappe full-stack web application framework exposes email configuration details of arbitrary users to any authenticated account. The flaw exists in versions prior to 15.107.0 (v15 branch) and 16.17.0 (v16 branch), allowing a low-privilege authenticated attacker to enumerate and read email settings belonging to other users by manipulating object references in requests. No public exploit has been identified and the issue is not listed in CISA KEV, though the low EPSS score (0.02%) and network-accessible vector warrant patching, particularly for multi-tenant Frappe deployments.
Authentication bypass in Related Marketing Cloud (RMC) by Hedef Media Promotion Interactive Media Marketing Inc. exposes unauthenticated remote attackers to credential brute-forcing via a spoofing weakness (CWE-290), allowing them to circumvent authentication controls without prior access. All RMC versions through 12052026 are affected, and the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no privileges, no user interaction, and no special network positioning. No public exploit code or CISA KEV listing has been identified at time of analysis; the advisory originates from TR-CERT via the Turkish national cybersecurity authority.
Unauthorized resource access in the Frappe web application framework exposes the submit_discussion() endpoint to unauthenticated network callers who can bypass access controls and write discussion data to resources they do not own. All Frappe deployments running versions prior to 15.107.0 (v15 branch) or 16.17.0 (v16 branch) are affected, with impact limited to low-severity integrity writes and no confidentiality or availability consequence. No public exploit code exists and EPSS probability is 0.03% (9th percentile), indicating low opportunistic exploitation pressure despite the unauthenticated network attack vector.
Unauthenticated remote access to user-defined REST endpoint OpenAPI specifications is possible in Devolutions PowerShell Universal 2026.1.7 and earlier due to improper access control (CWE-306). Any network-reachable attacker without credentials can retrieve the full OpenAPI specification of internally defined REST APIs, exposing endpoint paths, parameters, and operational structure that administrators intended to be non-public. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog, but the low-complexity, zero-authentication network vector makes enumeration trivially automatable.
Hard-coded MQTT broker credentials in Yarbo Android and iOS applications allow remote unauthenticated attackers to subscribe to and publish on the cloud MQTT brokers serving the entire global Yarbo robot fleet. Because the credentials are identical across all users and devices and trivially extractable via APK decompilation, anyone knowing a target robot's serial number can read its telemetry or send arbitrary commands. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 and CISA ICS advisory reflect the systemic, fleet-wide nature of the exposure.
Authorization bypass in Yarbo's cloud MQTT infrastructure allows any authenticated client to subscribe to wildcard topics covering the entire global robot fleet and to publish commands to any robot using only its serial number, which is itself disclosed in the telemetry stream. The flaw affects both the Yarbo Android/iOS mobile application and the backing cloud MQTT broker, and no public exploit identified at time of analysis, but the design defect means a single compromised credential yields fleet-wide control.
Authentication bypass in Başbelen Group's Pause+ Mobile App versions 1.0.6 through 1.4.x allows remote attackers to defeat login protections by exhausting authentication attempts without lockout, per CWE-307. The CVSS 9.8 score and PR:N/UI:N vector indicate unauthenticated network-based exploitation against any user account, though no public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.
Route-rule middleware bypass in Nuxt 3.11.0-3.21.6 and 4.0.0-4.4.6 allows remote attackers to evade routeRules-defined protections (authentication, redirects, headers, prerender/SSR controls) by simply varying URL case, because vue-router matches paths case-insensitively while the routeRules matcher matched case-sensitively. The fix in 3.21.7 and 4.4.7 lowercases the path before matching. EPSS is 0.02% and no public exploit is identified at time of analysis, but the underlying class is trivially abused once an asymmetric rule is known.
Discord role hierarchy bypass in Quest Bot (open-source Discord moderation bot) prior to version 1.1.6 allows moderators to perform privileged actions against users ranked above them in the server role hierarchy. Any moderator holding the relevant Discord permission bit can ban, kick, timeout, untimeout, warn, or rename higher-ranked members so long as the bot itself outranks the target. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Authorization bypass in Quest Bot Discord bot prior to version 1.1.6 lets low-privilege guild members invoke the purge and slowmode commands in channels where their channel-level permissions explicitly deny moderation. The bot only validates guild-wide permissions on the invoking member and ignores Discord's per-channel permission overrides, so a user excluded from moderating a specific channel can still delete messages and alter slowmode there. No public exploit identified at time of analysis, and the issue is patched in v1.1.6.
Hardcoded database credentials in IEI Integration Corp's iRM-IEI Remote Management (iRM-TSI410X platform) allow remote unauthenticated attackers to authenticate to the backend database with administrative privileges. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 reflects trivial network-accessible exploitation with full confidentiality, integrity, and availability impact. The flaw is reported by TWCERT and tagged as an Authentication Bypass.
Information disclosure in IEI Integration Corp's iRM-IEI Remote Management (iRM-TSI410X) allows unauthenticated remote attackers to retrieve partial system configuration data by invoking a specific function that lacks authentication enforcement. The flaw is reported by TWCERT and carries a CVSS 4.0 base of 7.9, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Vivo PcSuite's connection confirmation pop-up - a security gate that prompts users to authorize PC-to-device connections - can be bypassed by an adjacent unauthenticated attacker, rooted in CWE-807 (Reliance on Untrusted Inputs in a Security Decision). All versions of PcSuite are listed as affected per the wildcard CPE (cpe:2.3:a:vivo:pcsuite:*:*:*:*:*:*:*:*), and the attack requires only adjacent network positioning with no privileges or user interaction. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, keeping real-world urgency moderate.
Information disclosure in Vivo PcSuite versions below 6.2.5 allows adjacent attackers within Bluetooth range to bypass an authentication mechanism in a specific function and obtain sensitive data without user interaction. The flaw is tracked as a missing-authentication weakness (CWE-306) reported directly by Vivo and carries a CVSS 4.0 score of 9.4, with no public exploit identified at time of analysis.
Unauthorized camera and microphone access in Heptabase by Hepta Platforms is achievable by unauthenticated remote attackers who social-engineer a victim into opening a malicious webpage inside the application, exploiting an exposed dangerous method (CWE-749) that bypasses normal permission gating. The attack yields high confidentiality impact - real-time audio and video capture - with no privileges required on the attacker's side, constrained only by the need for active victim interaction. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, though the surveillance-class outcome makes it attractive for targeted campaigns.
Command restriction bypass in the SSH service of Cellopoint CelloOS allows authenticated remote attackers to escape the restricted shell and execute arbitrary operating system commands beyond their authorized scope. The flaw is tracked as an Improper Access Control issue (CWE-1284) and was disclosed by Taiwan's TWCERT with a CVSS 4.0 score of 8.7. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Improper access control in Ubiquiti UniFi OS allows network-adjacent attackers to make unauthorized configuration changes to UniFi Dream Machine, Cloud Gateway, and Express gateway devices under certain network configurations. The flaw, scored CVSS 8.1 with full CIA impact, requires no authentication (PR:N) but has high attack complexity (AC:H), and no public exploit identified at time of analysis. Disclosed via HackerOne and addressed in Ubiquiti Security Advisory Bulletin 065.
Privilege escalation in phpBB allows an authenticated administrator with limited rights to grant themselves permissions beyond their authorized scope through the Administration Control Panel (ACP), enabling elevation to full administrative control over the forum. The flaw stems from improper verification of access permissions when permissions are modified via the ACP, and no public exploit identified at time of analysis. With CVSS 7.2 (PR:H) and no KEV listing, this is a meaningful but not panic-level risk that primarily threatens multi-admin phpBB deployments where administrative duties are intentionally segmented.
Cross-tenant privilege escalation in WebPros WordPress Toolkit prior to 6.11.0 (as bundled with cPanel & WHM) allows an authenticated low-privilege account holder to inject arguments into the wp-toolkit CLI and execute commands in the context of another tenant on the same shared server. With a CVSS of 9.9 and scope change, a single compromised hosting account can pivot to siblings on the same host. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Account hijacking in phpBB is possible due to improper authentication checks in the OAuth implementation, affecting default installations even when OAuth is not configured or enabled. Remote unauthenticated attackers can gain unauthorized access to arbitrary accounts on the forum platform, with no public exploit identified at time of analysis despite the critical 9.8 CVSS score.
ClipBucket v5's subtitle management feature lacks ownership verification, enabling any authenticated user to upload, rename, or delete subtitle tracks on videos belonging to other users. All releases prior to version 5.5.3 - #133 (CPE: cpe:2.3:a:macwarrior:clipbucket-v5) are affected. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, though the low attack complexity and network accessibility present credible risk in any multi-user ClipBucket deployment.
Origin validation failure in CyberArk's Idira Identity Browser Extension for Chrome, Firefox, and Edge (versions prior to 26.8.1) allows a remote attacker to abuse an authenticated user's browser session by luring them to a malicious page. Per CyberArk bulletin CA26-21, the extension's internal web-page verification routine fails to correctly enforce origin checks (CWE-346), enabling unauthorized application interaction in the victim's identity context. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.4 reflects high confidentiality impact and subsequent-system impact via the identity SaaS the extension brokers.
Site isolation bypass in Google Chrome for Android (versions prior to 149.0.7827.115) enables an attacker who has already achieved renderer process compromise to cross origin boundaries via a crafted HTML page, potentially exposing password data managed by the browser's Passwords component. The vulnerability is rooted in CWE-346 (Origin Validation Error) - Chrome's Passwords implementation on Android fails to properly enforce origin checks in the context of a compromised renderer. No public exploit identified at time of analysis; the low CVSS base score of 3.1 reflects that exploitation is dependent on a prior renderer compromise, making this a chained-exploitation concern rather than a standalone critical risk.
Same-origin policy bypass in Google Chrome's DevTools component exposes all Chrome versions prior to 149.0.7827.115 to cross-origin integrity violations when a victim visits a crafted HTML page. The root cause (CWE-346) is insufficient origin validation within DevTools policy enforcement, allowing a remote unauthenticated attacker to circumvent the browser's fundamental isolation boundary and tamper with cross-origin content. No public exploit identified at time of analysis; EPSS of 0.02% (4th percentile) and absence of a CISA KEV listing indicate currently low real-world exploitation pressure despite the High Chromium severity rating.
Site isolation bypass in Google Chrome's Extensions implementation (prior to 149.0.7827.115) enables an attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. This is a chained exploit primitive - it cannot be weaponized standalone and requires a preceding renderer compromise, limiting its practical severity despite the network delivery vector. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis. The low CVSS score of 3.1 reflects the high attack complexity and constrained confidentiality impact.
Authenticated format string vulnerability in the ONVIF service of TP-Link Tapo C110 v2 cameras allows adjacent-network attackers with valid credentials to manipulate stack memory and redirect execution to internal functions, triggering an unauthorized factory reset. Successful exploitation wipes configuration, deletes stored credentials, and disrupts video surveillance service. No public exploit identified at time of analysis, and the issue is not on CISA KEV.
Path traversal in WsgiDAV 4.3.3 allows WebDAV clients to read, write, or delete files outside the configured filesystem share root when a sibling directory's name shares a prefix with the share root. The flaw lives in FilesystemProvider._loc_to_file_path(), which performs a string-prefix containment check instead of a path-boundary-aware one, and is reachable via URL-encoded dot segments such as /%2e%2e/. No public exploit is identified at time of analysis, but a proof-of-concept is described in the vendor advisory and a vendor-released patch exists (4.3.4).
Improper authorization in DevGuard versions prior to v1.4.2 allows any authenticated user on the instance - including users with no membership in the target organization, project, or asset - to perform write operations on vulnerability-triage endpoints of any public asset. The flaw lets attackers create, modify, or delete VEX rules, dependency-vulnerability events, license risks, external references, and artifacts, corrupting the integrity of published vex.json/sbom.json output consumed by downstream supply-chain users. No public exploit identified at time of analysis, and EPSS probability is very low (0.04%, 11th percentile), reflecting the niche audience but not the integrity blast radius.
Inconsistent server-side scope enforcement in Filament's AttachAction and AssociateAction Select fields allows an authenticated low-privilege user to associate out-of-scope records by tampering with Livewire component state. Developers can scope which records appear in these Select dropdowns via `recordSelectOptionsQuery()`, but the built-in validation rule did not enforce the same scope - meaning the UI restriction was purely cosmetic and bypassable. Patches are available across all three affected major version lines; no public exploit or CISA KEV listing identified at time of analysis.
Authorization bypass in OpenClaw before 2026.4.24 allows local, low-privileged callers to circumvent owner-only tool policies and before-tool-call hooks via the MCP loopback feature. By routing requests through the affected loopback path, a non-owner principal can invoke tools that should be restricted to the owner role, effectively escalating effective privileges within the application. No public exploit code has been identified at time of analysis, but a vendor patch has been released and the vulnerability was reported by VulnCheck.
Authentication bypass in OpenClaw before 2026.5.22 allows authenticated network attackers to spoof locality information during Control UI device pairing and escalate temporary shared access into durable, admin-capable device tokens that persist across token rotation. The flaw stems from insufficient locality-derived trust validation (CWE-290), enabling lateral conversion of low-privilege sessions into persistent administrative credentials. No public exploit identified at time of analysis, but a vendor patch and VulnCheck advisory are available.
Authorization bypass in OpenClaw before 2026.5.18 allows a paired node to forge exec lifecycle events and obtain capabilities reserved for nodes holding system.run authorization. By sending crafted node.event messages, an attacker controlling any peered node can steer gateway sessions into exec-event paths and execute privileged operations, with no public exploit identified at time of analysis.
Authorization bypass in OpenClaw before 2026.5.19 allows authenticated lower-trust users to read messages from channels outside their allowlist by abusing missing validation in message read actions. The flaw maps to CWE-862 (Missing Authorization) and carries a CVSS 4.0 score of 7.1 with high confidentiality impact; no public exploit identified at time of analysis, but a vendor patch is available.
Privilege escalation in OpenClaw before 2026.5.7 allows authenticated Matrix users to impersonate other identities by manipulating their mutable display name to match policy entries in the allowFrom feature. The flaw stems from authentication relying on a user-controlled attribute (CWE-290), letting attackers receive agent access intended for another Matrix identity. No public exploit identified at time of analysis, but a vendor patch and VulnCheck advisory are available.
OpenClaw's embedded runner policy incorrectly resolves provider aliases against other aliases rather than their canonical provider identities, enabling an authenticated local user to bypass intended provider policy restrictions. When the affected provider alias feature is active, a low-privileged attacker can select bundled tool access that falls outside the scope their policy should permit, effectively sidestepping the authorization boundary. No public exploit has been identified and no active exploitation is confirmed via CISA KEV; the local attack vector and required feature enablement materially limit real-world exposure.
Approval policy bypass in OpenClaw's Skill Workshop apply flow allows remote attackers to apply workshop configuration changes without completing the required authorization step. Versions prior to 2026.5.6 fail to enforce the `approvalPolicy: pending` gate when agent tool calls include `apply: true`, effectively granting unauthorized write access to skill configurations. No public exploit code has been identified at time of analysis; a vendor-released patch is available.
Authorization bypass in OpenClaw prior to 2026.5.6 allows authenticated Telegram users to circumvent the commands.allowFrom sender allowlist by invoking interactive callbacks that mark the caller as authorized before validation runs. Reported by VulnCheck with a vendor patch available, this CWE-863 flaw lets attackers execute restricted command behaviors outside configured Telegram sender restrictions, though no public exploit identified at time of analysis.
Command execution bypass in OpenClaw before 2026.5.12 lets low-privileged remote users smuggle inline shell content past exec allowlist revalidation by combining POSIX shell flags into a single argument. The flaw exists because parsing logic treats grouped option characters differently from discrete flags, enabling unintended command paths when the affected exec feature is enabled. No public exploit identified at time of analysis, but the issue was reported by VulnCheck and a vendor advisory plus patch are available.
Unauthenticated snapshot disclosure in Brickcom Cube, Dome, Bullet, and Box IP cameras lets anyone reachable on the camera's /ONVIF endpoint retrieve still images from the live video feed without credentials. The flaw, reported through CISA ICS-CERT (ICSA-26-162-03) and tagged as an authentication bypass, is a classic CWE-306 missing-authentication issue affecting devices typically deployed in physical-security and OT environments. No public exploit identified at time of analysis, but exploitation is trivial once the endpoint is reachable.
Unauthenticated initial-setup hijack in Hermes WebUI before 0.51.358 allows any remote attacker who can reach the settings API endpoint during the first-run window to POST the _set_password parameter, persist an arbitrary password hash, and obtain a valid administrative session cookie. The flaw, reported by VulnCheck and tracked as an improper access control (CWE-306) issue, locks the legitimate operator out of their own instance and grants full administrative control. No public exploit identified at time of analysis, but an upstream fix landed in release v0.51.358.
Local privilege escalation and self-defense bypass in CyberArk (Palo Alto Networks) Idira Endpoint Privilege Manager Agent versions prior to 26.5 allows an authenticated local attacker to circumvent internal cryptographic validation and agent tamper-protection controls. Successful exploitation lets the attacker disable EPM enforcement and execute unauthorized operations on the endpoint, undermining the very privilege-management protections the product is meant to provide. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Sandbox restriction bypass in macOS prior to Tahoe 26.1 allows a locally-installed malicious app to access sensitive user data outside its permitted sandbox scope. The flaw stems from improper access control (CWE-284) in the macOS application sandbox, a core security boundary meant to isolate app access to system resources. SSVC assessment confirms no known active exploitation and the attack is not automatable, while CVSS signals high confidentiality impact limited to local execution with low privileges.
Unauthorized access to protected user data is possible in Apple macOS prior to Tahoe 26.1, where a locally installed application can bypass system permission boundaries (CWE-284) to read data normally gated by TCC/entitlement controls. Apple has shipped a fix that adds additional restrictions, and no public exploit has been identified at time of analysis. The NVD CVSS vector advertises network exploitability, but the description clearly describes a local application abuse path, which materially changes the realistic risk picture.
Sandbox escape in Apple macOS prior to Sequoia 15.4 allows a locally installed application to break out of the App Sandbox and perform unauthorized actions outside its confinement boundary. Apple addressed the issue with improved checks; no public exploit identified at time of analysis, though SSVC rates technical impact as total.
Improper access control in Apple macOS allows a locally-executed app to cause unexpected system termination, effectively producing a denial-of-service condition against the host. All three actively-supported macOS release lines - Sequoia, Sonoma, and Ventura - are confirmed affected, with fixes delivered simultaneously across all three branches. No active exploitation is confirmed (not in CISA KEV), and the EPSS score of 0.01% at the 3rd percentile indicates negligible observed exploitation probability at time of analysis.
Improper access control via flawed authorization state management in Apple iOS/iPadOS (before 18.4) and macOS Sequoia (before 15.4) permits a locally installed app to leak sensitive user information without proper authorization. Fixed in iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4, as confirmed by Apple security advisories. No public exploit code has been identified and no active exploitation is recorded in CISA KEV at time of analysis, though SSVC flags the vulnerability as automatable with partial technical impact.
Signature metadata trust bypass in Apache CXF's JwsJsonContainerRequestFilter allows an attacker who can send JWS JSON-signed requests to inject unvalidated metadata - such as Content-Type or protected HTTP headers - by placing it in the first signature entry of a multi-signature JWS JSON token, even when that entry's signature was never verified. Affected deployments using the cxf-rt-rs-security-jose-jaxrs module may incorrectly trust attacker-controlled content type or header values, steering JAX-RS entity parsing or signed-header consistency checks in unintended ways. No public exploit code or CISA KEV listing has been identified at time of analysis; vendor-released patches 4.2.2 and 4.1.7 were published June 10, 2026.
Authentication bypass in Idira Secrets Manager SaaS Edge prior to version 1.8 allows remote unauthenticated attackers to obtain valid access tokens by submitting specially crafted requests that subvert internal validation logic. Reported by Palo Alto Networks researchers and tracked under CyberArk Security Bulletin CA26-20, the flaw carries a CVSS 4.0 score of 9.1 (Critical) due to high confidentiality and integrity impact on a product whose entire purpose is custody of enterprise secrets. There is no public exploit identified at time of analysis, but the secrets-management use case makes any token theft a high-leverage compromise.
Cross-tenant AutoMod rule deletion in Quest Bot (Discord bot) prior to 1.0.5 lets a user with Manage Server permission in any guild delete AutoMod rules belonging to other guilds. The flaw stems from looking up rules by global database ID without verifying guild ownership, and rule IDs are discoverable via the bot's autocomplete feature. No public exploit identified at time of analysis, but the GitHub Security Advisory and patched release v1.0.5 are public.
Privilege escalation in Quest Bot Discord bot versions prior to 1.0.1 allows any guild member with slash-command access to invoke moderator-only /automod add, /automod remove, and /automod list commands due to missing Discord default permission requirements and absent runtime permission checks. Exploitation enables a low-privileged member to register automod rules matching common text patterns, causing the bot to delete other users' legitimate messages. No public exploit identified at time of analysis, but the trivial nature of the abuse and public advisory increase likelihood of weaponization in active Discord servers.
Improper access control in CyberArk Conjur Enterprise (Idira Secrets Manager Self-Hosted) versions 13.8.0 and earlier allows authenticated attackers with standard node-level credentials to abuse internal cluster endpoints to retrieve unauthorized secrets or trigger denial of service. The flaw is rated CVSS 4.0 base 8.4 with high confidentiality impact extending to subsequent systems, but no public exploit identified at time of analysis. CyberArk has published Security Bulletin CA26-20 alongside fixed releases.
Server-side request forgery in Kolibri (pip/kolibri <= 0.19.3) allows network-reachable attackers to force the Kolibri server to issue outbound HTTP requests to arbitrary internal hosts, cloud metadata endpoints, and internal services, with JSON response bodies reflected directly to the caller. The primary GET endpoint at /api/auth/remotefacilityuser required no authentication whatsoever, making this exploitable by any party with network access to the Kolibri server. A working proof-of-concept was retained internally by the reporting researcher but was not published; no public exploit code exists and CISA KEV listing has not been identified at time of analysis.
Authentication bypass in Apache CXF's OAuth2 TokenIntrospectionService allows unauthenticated network access to the token introspection endpoint due to a missing 'throw' keyword in the internal security context check, causing the guard to silently pass rather than reject unauthorized callers. Affected are deployments using cxf-rt-rs-security-oauth2 versions 4.2.0-4.2.1 and all 4.1.x releases before 4.1.7 that relied solely on CXF's built-in check without independent authentication at the container or gateway layer. No public exploit code or active exploitation has been identified; vendor-confirmed patches (4.2.2 and 4.1.7) were released June 10, 2026.
Path traversal in node-tmp 0.2.6 allows remote attackers to create files or directories outside the temp directory by supplying non-string `prefix`, `postfix`, or `template` values (arrays, Buffers, or objects) whose `includes('..')` check returns falsy but whose string coercion contains `../`. The 0.2.6 `_assertPath` guard checks only strings, so JSON body fields or `qs`-parsed bracket arrays such as `?prefix[]=..` bypass it and write at attacker-controlled paths with host-process privileges. No public exploit identified at time of analysis, but the bypass pattern is trivial and the library is widely used in Node.js applications.
Insecure direct object reference (IDOR) in IBM Langflow OSS 1.0.0 through 1.9.1 allows an authenticated user to read or modify sensitive resources belonging to other users by manipulating object identifiers. The flaw carries a CVSS 8.1 (High) rating due to high confidentiality and integrity impact over the network, though EPSS exploitation probability remains low at 0.04% and there is no public exploit identified at time of analysis. SSVC classifies exploitation as 'none' but flags the issue as automatable with partial technical impact, indicating defenders should still prioritize patching given the trivial attack complexity.
Authenticated information disclosure in openSIS Classic 9.3 lets any logged-in user with messaging-module access read other users' sent messages by tampering with the mail_id parameter sent to modules/messaging/SentMail.php. The flaw is a textbook insecure direct object reference (CWE-639) with no public exploit identified at time of analysis, though the upstream commit fixing it is published on GitHub, effectively documenting the vulnerable code path.
Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API access token from pipeboard-co/meta-ads-mcp through version 1.0.108 when the server is run with the streamable-HTTP transport on a network-reachable port. The AuthInjectionMiddleware silently forwards requests lacking an Authorization or X-PIPEBOARD-API-TOKEN header, tool handlers fall back to the META_ACCESS_TOKEN environment variable, and Graph API error responses echo the request URL - including the token query parameter - back to the caller. A working proof-of-concept is published in GHSA-9gw6-46qc-99vr; no public exploit identified at time of analysis as a separate weaponized tool, but the PoC is sufficient to reproduce end-to-end.
Route-level authentication bypass in Traefik's StripPrefix middleware allows unauthenticated remote attackers to reach protected backend endpoints (e.g., /admin, /internal/config) by crafting request paths such as /api../admin or /api%2e%2e/admin. The public router matches before path normalization, but StripPrefix subsequently normalizes the path via JoinPath() so the backend receives the protected path without the authentication middleware ever running. Publicly available exploit code exists (full PoC in the advisory), patches are released, and EPSS sits at 0.22% (45th percentile) with no CISA KEV listing.
XML injection in guzzlehttp/guzzle-services allows unauthenticated remote attackers to smuggle arbitrary XML elements into outgoing API requests by embedding the CDATA terminator `]]>` in attacker-controlled input. The PHP XMLWriter::writeCData() call used by the request serializer for values containing `<`, `>`, or `&` terminates the CDATA section prematurely when the payload contains `]]>`, causing the remainder to be interpreted as raw XML markup by the downstream service. Depending on downstream service behavior, this can enable privilege escalation, parameter boundary bypass, or operation semantic manipulation — the advisory's canonical example shows injection of a `<Role>admin</Role>` element that a receiving service may honor. No public exploit has been identified at time of analysis, and this vulnerability is not in the CISA KEV catalog.
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels.8.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels.6.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect authorization checks in GitLab CE/EE expose confidential issue details to authenticated low-privileged users under specific conditions. The flaw spans an enormous version range starting from 12.0, meaning a large population of self-hosted GitLab instances running unpatched versions is potentially affected. A publicly available exploit was disclosed via HackerOne (report #3578216), which elevates practical risk above what the low CVSS score of 3.1 alone suggests, even though active exploitation has not been confirmed by CISA KEV.
Incorrect authorization enforcement in GitLab CE/EE exposes hidden merge requests to unauthorized modification by authenticated users holding developer-role permissions. The flaw spans a wide version range - from 15.10 through the patched releases 18.10.8, 18.11.5, and 19.0.2 - meaning a large proportion of self-managed GitLab deployments are potentially affected. A publicly available proof-of-concept exists via a disclosed HackerOne report, raising the practical exploitation risk beyond what the medium CVSS score alone suggests; no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.
Incorrect authorization enforcement in GitLab Enterprise Edition allows an authenticated user holding the Security Manager role to manage project security configurations even when the relevant security feature has been administratively disabled. Affecting all EE versions from 13.9 through the patched releases (18.10.8, 18.11.5, 19.0.2), the flaw bypasses the feature-disabled gate by failing to validate feature state alongside role-based permissions. No public exploit is confirmed as actively exploited (not in CISA KEV), though a publicly available HackerOne exploit report exists, and EPSS data was not provided in available intelligence.
Account takeover in GitLab Enterprise Edition versions 15.5 through 19.0.2 allows an authenticated group Owner to hijack other group members' accounts through improper authorization in the Group SAML identity management functionality. Publicly available exploit code exists via a HackerOne report, and GitLab released patched versions 18.10.8, 18.11.5, and 19.0.2 on 2026-06-10. The flaw stems from CWE-639 (Authorization Bypass Through User-Controlled Key) and yields a scope-changing high-impact compromise per CVSS 3.1.
Unauthorized credential disclosure in the Naxclow IoT platform API (affecting Smart Doorbell X3, X Smart Home, V720, and Ix Cam) allows any actor who can produce a platform-valid request signature to retrieve the persistent relay-registration credentials of arbitrary devices. Reported via CISA ICS-CERT (ICSA-26-162-02), the flaw enables an attacker to impersonate a victim device on the relay and intercept or disrupt its traffic; no public exploit identified at time of analysis.
Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attackers to forge OIDC identity tokens and obtain fully authenticated technician sessions, because the server accepts ID tokens without verifying their cryptographic signature. Publicly available exploit code exists and the flaw can also bypass MFA in some configurations, making vulnerable remote-support deployments a high-priority target despite no current CISA KEV listing.
Denial of service in Capgo Console versions prior to 12.28.2 allows an authenticated attacker to lock legitimate users out of authentication and onboarding flows by triggering account deletion while a device identifier is bound to the active session. The platform incorrectly persists the deletion state against the device identifier rather than the account, causing the affected browser or device to be redirected to an account-disabled page for roughly 30 days. No public exploit identified at time of analysis, but a vendor patch and GHSA advisory (GHSA-qmrm-qgwr-55jf) have been published following disclosure by VulnCheck.
Privilege escalation in Mattermost server (11.6.x, 11.5.x, and 10.11.x branches) allows a low-privileged user holding group-link permissions to promote themselves or other group members to team or channel administrator by setting the scheme_admin flag through group syncable link and patch API endpoints. The flaw stems from missing role-management authorization checks, and with a CVSS of 8.8 (network, low complexity, low privileges) it enables tenant-wide takeover of collaboration workspaces; no public exploit identified at time of analysis.
Mattermost's team creation API endpoint (POST /api/v4/teams) fails to enforce the PermissionInviteUser authorization check, allowing authenticated users holding only PermissionCreateTeam to configure invite-controlled team settings - including making a team publicly joinable via open invite and restricting membership by allowed domains - that they are explicitly prohibited from setting on existing teams. Affected versions span the 10.11.x, 11.5.x, and 11.6.x release trains up to their respective latest builds. No public exploit identified at time of analysis, and the flaw has not been listed in CISA KEV.
Privilege escalation in Mattermost collaboration platform allows authenticated users holding delegated user-management permissions to modify built-in system role permissions via the role patch API, bypassing a required system-level permission check. Affects Mattermost 10.11.x through 10.11.16, 11.5.x through 11.5.4, and 11.6.x through 11.6.1. No public exploit identified at time of analysis; EPSS is very low (0.03%) and the SSVC framework reports no observed exploitation.
Account takeover in Cap-go (Capgo) versions prior to 12.128.2 allows an attacker holding a temporary authenticated session to change the account's registered email address without re-authentication (no password or MFA prompt), then trigger a password reset to attacker-controlled inbox and seize the account. The flaw, reported by VulnCheck and tracked as a missing-authentication weakness (CWE-306), has a vendor patch but no public exploit identified at time of analysis.
Authorization bypass in ChromaDB's Python implementation lets authenticated tenants reach data outside their authorization boundary by invoking the V1 collection-level REST endpoints, which forward None as both the tenant and database identifiers to the authorization layer. The flaw, disclosed by HiddenLayer, exposes high-impact reads and writes to cross-tenant collections in this Python vector database. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
CRLF injection in SwiftNIO's outbound HTTP/1.1 start line handling enables HTTP request smuggling and HTTP response splitting in applications built on swift-nio 2.0.0 through 2.99.0. The validators NIOHTTPRequestHeadersValidator and NIOHTTPResponseHeadersValidator enforce header field name and value correctness but leave the request URI, HTTP method, and response reason phrase unvalidated, allowing CR/LF sequences to be injected by any attacker who controls those fields. Successful exploitation can smuggle arbitrary HTTP requests past intermediaries, bypass WAF rules, or poison shared web caches. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, exploitation in vulnerable proxy deployments is described as low-effort by the advisory authors.
{"$gt": ""}`) to be interpreted as query logic rather than literal values. No public exploit is independently catalogued (KEV not listed), but a proof-of-concept TypeScript payload is included in the vendor advisory, and EPSS sits at 0.03% (8th percentile), indicating low observed exploitation activity at time of analysis.
Authorization bypass in jpillora/chisel through version 1.11.4 allows any authenticated client to tunnel TCP traffic to arbitrary host:port destinations reachable from the chisel server, completely defeating the --authfile ACL. The server enforces remote-address restrictions only during the initial config handshake but never re-validates the destination encoded in SSH channel ExtraData, so a client that authenticates with a permitted remote can immediately open channels to any address. Publicly available exploit code exists (full PoC published in the GHSA advisory), though EPSS is low at 0.02% and the issue is not in CISA KEV.
Cross-tenant authorization bypass in ChromaDB's SimpleRBACAuthorizationProvider (versions 0.5.0 and later) allows authenticated users to perform actions against tenants, databases, and collections they do not own. The provider verifies that a user holds a given permission but never validates the scope of that permission against the target resource, enabling lateral movement across multi-tenant deployments. No public exploit identified at time of analysis, but the flaw was disclosed by HiddenLayer and affects any Chroma deployment relying on the built-in RBAC provider for tenant isolation.
Open redirect / OAuth redirect_uri validation bypass in the Aqara Cloud OAuth authorization endpoint (open-cn.aqara.com/oauth/authorize) allows remote attackers to coerce the IdP into redirecting authorization responses to attacker-controlled hosts due to lax domain-matching logic. With user interaction the flaw can be abused to steal OAuth authorization codes or tokens issued to legitimate Aqara client applications, enabling account takeover of Aqara smart-home accounts. No public exploit identified at time of analysis, though a referenced GitHub repository (xn0tsa/theres-no-place-like-home) and the runZero advisory describe the issue publicly.
Unauthenticated cryptographic oracle exposure in the Aqara IAM/SSO gateway (gw-builder.aqara.com) lets remote attackers submit data for bidirectional AES encrypt/decrypt operations performed with the platform's signing key, with no authentication required. Because the same key that signs SSO tokens can be exercised as an oracle, an attacker can recover protected material and potentially forge or manipulate signed authentication tokens (tagged Authentication Bypass). Publicly available exploit code exists (SSVC exploitation=poc) and CISA's SSVC rates it automatable with total technical impact, though EPSS remains very low at 0.06%.
Missing authentication in the Aqara Board service (op-test.aqara.com) lets remote, unauthenticated attackers submit arbitrary MQTT command payloads that the exposed debug/test API relays to the platform's HiveMQ broker without any credential check. Publicly available proof-of-concept exploit code exists (SSVC: poc), and while EPSS is low (0.06%), runZero documents this as one link in a chain (CVE-2026-50082 through -50085) that together enables a fully unauthenticated remote takeover of affected devices. It is not listed in CISA KEV, so active exploitation in the wild is not confirmed.
Broken authorization in the Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) allows any valid developer token to operate against arbitrary user accounts, breaking tenant isolation across the platform. Discovered and disclosed by runZero, the issue stems from missing authorization checks (CWE-862) and, when chained with CVE-2026-50082/50083/50085, enables fully unauthenticated remote takeover of affected smart-home devices. No public exploit identified at time of analysis, though a related researcher repository is referenced in the advisory.
Authentication bypass in the Aqara IAM/SSO Gateway (gw-builder.aqara.com) stems from a hardcoded OAuth client credential shipped in the identity backend, letting remote attackers impersonate a trusted OAuth client and subvert the single sign-on trust boundary. Discovered by runZero and tracked as EUVD-2026-36473, it carries a critical CVSS of 9.8 and a proof-of-concept is publicly available, though EPSS (0.03%) shows no evidence of widespread automated exploitation. On its own it compromises the SSO/authorization layer, but chained with CVE-2026-50082, CVE-2026-50084, and CVE-2026-50085 it enables a fully unauthenticated remote takeover of affected devices.
Unauthenticated developer token issuance in the Aqara Cloud Developer Portal (developer.aqara.com) allows any remote attacker to obtain a valid API token by supplying an arbitrary email address, with no ownership verification performed. This is the entry point of a documented four-CVE attack chain (CVE-2026-50082 through CVE-2026-50085) that, when exploited in sequence, enables full takeover of Aqara smart home devices belonging to the victim account. A public proof-of-concept exists on GitHub; no public exploit identified at time of analysis for active exploitation, but the zero-prerequisite nature of this flaw makes it trivially automatable.
Cross-tenant data access in the ChromaDB Rust implementation (version 1.0.0 and later) lets any authenticated tenant user read, write, update, or delete data inside collections owned by other tenants because the server does not validate that the caller's tenant matches the target resource. The flaw, reported by HiddenLayer and tracked as CWE-639, breaks the tenant isolation boundary that multi-tenant ChromaDB deployments rely on, and no public exploit identified at time of analysis.
Cross-tenant data access in ChromaDB Python project version 0.4.17 and later allows any authenticated user to read, write, update, or delete data in collections belonging to other tenants, breaking the tenant isolation boundary that multi-tenant deployments rely on. The flaw, reported by HiddenLayer and tracked under CWE-639, carries a CVSS 4.0 score of 8.8 reflecting high confidentiality and integrity impact on both the vulnerable system and downstream tenants. No public exploit identified at time of analysis and not listed in CISA KEV.
Missing authorization checks on multiple Frappe framework endpoints allow remote unauthenticated attackers to access and modify resources without permission. All Frappe installations on the 15.x branch prior to 15.107.0 and the 16.x branch prior to 16.17.0 are affected. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% reflects minimal current exploitation activity, though the attack requires no credentials or special preconditions.
Improper access control in Frappe Framework (all versions prior to 16.17.4) allows any authenticated user to retrieve private files by guessing their server-side file path, bypassing intended authorization restrictions. The flaw is classified under CWE-284 (Improper Access Control) and affects the file-serving layer of the framework, which underlies widely deployed applications such as ERPNext. No public exploit code has been identified at time of analysis, and exploitation probability is very low per EPSS (0.02%, 7th percentile), though the low attack complexity makes it straightforward for any credentialed user to attempt.
Improper access control in Frappe prior to 16.17.4 permits any authenticated user to modify any field in any Onboarding Step record, bypassing expected privilege restrictions. Affected deployments running versions below 16.17.4 expose their onboarding configuration data to unauthorized tampering by low-privileged users. EPSS is extremely low (0.02%, 5th percentile), no public exploit code has been identified, and the vulnerability is not listed in CISA KEV, suggesting no observed active exploitation at time of analysis.
Missing authorization in Frappe allows any authenticated low-privileged user to invoke the onboarding reset function and wipe onboarding state for all users system-wide, affecting all releases before 15.107.2 and 16.17.4. The CWE-862 root cause indicates the reset endpoint performs no role or privilege check before executing a privileged, system-wide operation. No public exploit code exists and EPSS sits at 0.02% (5th percentile), placing real-world exploitation risk at the lower end despite the disruptive potential of forcing every user through onboarding flows on next login.
Insecure Direct Object Reference (IDOR) in the Frappe full-stack web application framework exposes email configuration details of arbitrary users to any authenticated account. The flaw exists in versions prior to 15.107.0 (v15 branch) and 16.17.0 (v16 branch), allowing a low-privilege authenticated attacker to enumerate and read email settings belonging to other users by manipulating object references in requests. No public exploit has been identified and the issue is not listed in CISA KEV, though the low EPSS score (0.02%) and network-accessible vector warrant patching, particularly for multi-tenant Frappe deployments.
Authentication bypass in Related Marketing Cloud (RMC) by Hedef Media Promotion Interactive Media Marketing Inc. exposes unauthenticated remote attackers to credential brute-forcing via a spoofing weakness (CWE-290), allowing them to circumvent authentication controls without prior access. All RMC versions through 12052026 are affected, and the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no privileges, no user interaction, and no special network positioning. No public exploit code or CISA KEV listing has been identified at time of analysis; the advisory originates from TR-CERT via the Turkish national cybersecurity authority.
Unauthorized resource access in the Frappe web application framework exposes the submit_discussion() endpoint to unauthenticated network callers who can bypass access controls and write discussion data to resources they do not own. All Frappe deployments running versions prior to 15.107.0 (v15 branch) or 16.17.0 (v16 branch) are affected, with impact limited to low-severity integrity writes and no confidentiality or availability consequence. No public exploit code exists and EPSS probability is 0.03% (9th percentile), indicating low opportunistic exploitation pressure despite the unauthenticated network attack vector.
Unauthenticated remote access to user-defined REST endpoint OpenAPI specifications is possible in Devolutions PowerShell Universal 2026.1.7 and earlier due to improper access control (CWE-306). Any network-reachable attacker without credentials can retrieve the full OpenAPI specification of internally defined REST APIs, exposing endpoint paths, parameters, and operational structure that administrators intended to be non-public. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog, but the low-complexity, zero-authentication network vector makes enumeration trivially automatable.
Hard-coded MQTT broker credentials in Yarbo Android and iOS applications allow remote unauthenticated attackers to subscribe to and publish on the cloud MQTT brokers serving the entire global Yarbo robot fleet. Because the credentials are identical across all users and devices and trivially extractable via APK decompilation, anyone knowing a target robot's serial number can read its telemetry or send arbitrary commands. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 and CISA ICS advisory reflect the systemic, fleet-wide nature of the exposure.
Authorization bypass in Yarbo's cloud MQTT infrastructure allows any authenticated client to subscribe to wildcard topics covering the entire global robot fleet and to publish commands to any robot using only its serial number, which is itself disclosed in the telemetry stream. The flaw affects both the Yarbo Android/iOS mobile application and the backing cloud MQTT broker, and no public exploit identified at time of analysis, but the design defect means a single compromised credential yields fleet-wide control.
Authentication bypass in Başbelen Group's Pause+ Mobile App versions 1.0.6 through 1.4.x allows remote attackers to defeat login protections by exhausting authentication attempts without lockout, per CWE-307. The CVSS 9.8 score and PR:N/UI:N vector indicate unauthenticated network-based exploitation against any user account, though no public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.
Route-rule middleware bypass in Nuxt 3.11.0-3.21.6 and 4.0.0-4.4.6 allows remote attackers to evade routeRules-defined protections (authentication, redirects, headers, prerender/SSR controls) by simply varying URL case, because vue-router matches paths case-insensitively while the routeRules matcher matched case-sensitively. The fix in 3.21.7 and 4.4.7 lowercases the path before matching. EPSS is 0.02% and no public exploit is identified at time of analysis, but the underlying class is trivially abused once an asymmetric rule is known.
Discord role hierarchy bypass in Quest Bot (open-source Discord moderation bot) prior to version 1.1.6 allows moderators to perform privileged actions against users ranked above them in the server role hierarchy. Any moderator holding the relevant Discord permission bit can ban, kick, timeout, untimeout, warn, or rename higher-ranked members so long as the bot itself outranks the target. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Authorization bypass in Quest Bot Discord bot prior to version 1.1.6 lets low-privilege guild members invoke the purge and slowmode commands in channels where their channel-level permissions explicitly deny moderation. The bot only validates guild-wide permissions on the invoking member and ignores Discord's per-channel permission overrides, so a user excluded from moderating a specific channel can still delete messages and alter slowmode there. No public exploit identified at time of analysis, and the issue is patched in v1.1.6.
Hardcoded database credentials in IEI Integration Corp's iRM-IEI Remote Management (iRM-TSI410X platform) allow remote unauthenticated attackers to authenticate to the backend database with administrative privileges. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 reflects trivial network-accessible exploitation with full confidentiality, integrity, and availability impact. The flaw is reported by TWCERT and tagged as an Authentication Bypass.
Information disclosure in IEI Integration Corp's iRM-IEI Remote Management (iRM-TSI410X) allows unauthenticated remote attackers to retrieve partial system configuration data by invoking a specific function that lacks authentication enforcement. The flaw is reported by TWCERT and carries a CVSS 4.0 base of 7.9, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Vivo PcSuite's connection confirmation pop-up - a security gate that prompts users to authorize PC-to-device connections - can be bypassed by an adjacent unauthenticated attacker, rooted in CWE-807 (Reliance on Untrusted Inputs in a Security Decision). All versions of PcSuite are listed as affected per the wildcard CPE (cpe:2.3:a:vivo:pcsuite:*:*:*:*:*:*:*:*), and the attack requires only adjacent network positioning with no privileges or user interaction. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, keeping real-world urgency moderate.
Information disclosure in Vivo PcSuite versions below 6.2.5 allows adjacent attackers within Bluetooth range to bypass an authentication mechanism in a specific function and obtain sensitive data without user interaction. The flaw is tracked as a missing-authentication weakness (CWE-306) reported directly by Vivo and carries a CVSS 4.0 score of 9.4, with no public exploit identified at time of analysis.
Unauthorized camera and microphone access in Heptabase by Hepta Platforms is achievable by unauthenticated remote attackers who social-engineer a victim into opening a malicious webpage inside the application, exploiting an exposed dangerous method (CWE-749) that bypasses normal permission gating. The attack yields high confidentiality impact - real-time audio and video capture - with no privileges required on the attacker's side, constrained only by the need for active victim interaction. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, though the surveillance-class outcome makes it attractive for targeted campaigns.
Command restriction bypass in the SSH service of Cellopoint CelloOS allows authenticated remote attackers to escape the restricted shell and execute arbitrary operating system commands beyond their authorized scope. The flaw is tracked as an Improper Access Control issue (CWE-1284) and was disclosed by Taiwan's TWCERT with a CVSS 4.0 score of 8.7. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Improper access control in Ubiquiti UniFi OS allows network-adjacent attackers to make unauthorized configuration changes to UniFi Dream Machine, Cloud Gateway, and Express gateway devices under certain network configurations. The flaw, scored CVSS 8.1 with full CIA impact, requires no authentication (PR:N) but has high attack complexity (AC:H), and no public exploit identified at time of analysis. Disclosed via HackerOne and addressed in Ubiquiti Security Advisory Bulletin 065.
Privilege escalation in phpBB allows an authenticated administrator with limited rights to grant themselves permissions beyond their authorized scope through the Administration Control Panel (ACP), enabling elevation to full administrative control over the forum. The flaw stems from improper verification of access permissions when permissions are modified via the ACP, and no public exploit identified at time of analysis. With CVSS 7.2 (PR:H) and no KEV listing, this is a meaningful but not panic-level risk that primarily threatens multi-admin phpBB deployments where administrative duties are intentionally segmented.
Cross-tenant privilege escalation in WebPros WordPress Toolkit prior to 6.11.0 (as bundled with cPanel & WHM) allows an authenticated low-privilege account holder to inject arguments into the wp-toolkit CLI and execute commands in the context of another tenant on the same shared server. With a CVSS of 9.9 and scope change, a single compromised hosting account can pivot to siblings on the same host. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Account hijacking in phpBB is possible due to improper authentication checks in the OAuth implementation, affecting default installations even when OAuth is not configured or enabled. Remote unauthenticated attackers can gain unauthorized access to arbitrary accounts on the forum platform, with no public exploit identified at time of analysis despite the critical 9.8 CVSS score.
ClipBucket v5's subtitle management feature lacks ownership verification, enabling any authenticated user to upload, rename, or delete subtitle tracks on videos belonging to other users. All releases prior to version 5.5.3 - #133 (CPE: cpe:2.3:a:macwarrior:clipbucket-v5) are affected. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, though the low attack complexity and network accessibility present credible risk in any multi-user ClipBucket deployment.
Origin validation failure in CyberArk's Idira Identity Browser Extension for Chrome, Firefox, and Edge (versions prior to 26.8.1) allows a remote attacker to abuse an authenticated user's browser session by luring them to a malicious page. Per CyberArk bulletin CA26-21, the extension's internal web-page verification routine fails to correctly enforce origin checks (CWE-346), enabling unauthorized application interaction in the victim's identity context. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.4 reflects high confidentiality impact and subsequent-system impact via the identity SaaS the extension brokers.
Site isolation bypass in Google Chrome for Android (versions prior to 149.0.7827.115) enables an attacker who has already achieved renderer process compromise to cross origin boundaries via a crafted HTML page, potentially exposing password data managed by the browser's Passwords component. The vulnerability is rooted in CWE-346 (Origin Validation Error) - Chrome's Passwords implementation on Android fails to properly enforce origin checks in the context of a compromised renderer. No public exploit identified at time of analysis; the low CVSS base score of 3.1 reflects that exploitation is dependent on a prior renderer compromise, making this a chained-exploitation concern rather than a standalone critical risk.
Same-origin policy bypass in Google Chrome's DevTools component exposes all Chrome versions prior to 149.0.7827.115 to cross-origin integrity violations when a victim visits a crafted HTML page. The root cause (CWE-346) is insufficient origin validation within DevTools policy enforcement, allowing a remote unauthenticated attacker to circumvent the browser's fundamental isolation boundary and tamper with cross-origin content. No public exploit identified at time of analysis; EPSS of 0.02% (4th percentile) and absence of a CISA KEV listing indicate currently low real-world exploitation pressure despite the High Chromium severity rating.
Site isolation bypass in Google Chrome's Extensions implementation (prior to 149.0.7827.115) enables an attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. This is a chained exploit primitive - it cannot be weaponized standalone and requires a preceding renderer compromise, limiting its practical severity despite the network delivery vector. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis. The low CVSS score of 3.1 reflects the high attack complexity and constrained confidentiality impact.
Authenticated format string vulnerability in the ONVIF service of TP-Link Tapo C110 v2 cameras allows adjacent-network attackers with valid credentials to manipulate stack memory and redirect execution to internal functions, triggering an unauthorized factory reset. Successful exploitation wipes configuration, deletes stored credentials, and disrupts video surveillance service. No public exploit identified at time of analysis, and the issue is not on CISA KEV.
Path traversal in WsgiDAV 4.3.3 allows WebDAV clients to read, write, or delete files outside the configured filesystem share root when a sibling directory's name shares a prefix with the share root. The flaw lives in FilesystemProvider._loc_to_file_path(), which performs a string-prefix containment check instead of a path-boundary-aware one, and is reachable via URL-encoded dot segments such as /%2e%2e/. No public exploit is identified at time of analysis, but a proof-of-concept is described in the vendor advisory and a vendor-released patch exists (4.3.4).
Improper authorization in DevGuard versions prior to v1.4.2 allows any authenticated user on the instance - including users with no membership in the target organization, project, or asset - to perform write operations on vulnerability-triage endpoints of any public asset. The flaw lets attackers create, modify, or delete VEX rules, dependency-vulnerability events, license risks, external references, and artifacts, corrupting the integrity of published vex.json/sbom.json output consumed by downstream supply-chain users. No public exploit identified at time of analysis, and EPSS probability is very low (0.04%, 11th percentile), reflecting the niche audience but not the integrity blast radius.
Inconsistent server-side scope enforcement in Filament's AttachAction and AssociateAction Select fields allows an authenticated low-privilege user to associate out-of-scope records by tampering with Livewire component state. Developers can scope which records appear in these Select dropdowns via `recordSelectOptionsQuery()`, but the built-in validation rule did not enforce the same scope - meaning the UI restriction was purely cosmetic and bypassable. Patches are available across all three affected major version lines; no public exploit or CISA KEV listing identified at time of analysis.
Authorization bypass in OpenClaw before 2026.4.24 allows local, low-privileged callers to circumvent owner-only tool policies and before-tool-call hooks via the MCP loopback feature. By routing requests through the affected loopback path, a non-owner principal can invoke tools that should be restricted to the owner role, effectively escalating effective privileges within the application. No public exploit code has been identified at time of analysis, but a vendor patch has been released and the vulnerability was reported by VulnCheck.
Authentication bypass in OpenClaw before 2026.5.22 allows authenticated network attackers to spoof locality information during Control UI device pairing and escalate temporary shared access into durable, admin-capable device tokens that persist across token rotation. The flaw stems from insufficient locality-derived trust validation (CWE-290), enabling lateral conversion of low-privilege sessions into persistent administrative credentials. No public exploit identified at time of analysis, but a vendor patch and VulnCheck advisory are available.
Authorization bypass in OpenClaw before 2026.5.18 allows a paired node to forge exec lifecycle events and obtain capabilities reserved for nodes holding system.run authorization. By sending crafted node.event messages, an attacker controlling any peered node can steer gateway sessions into exec-event paths and execute privileged operations, with no public exploit identified at time of analysis.
Authorization bypass in OpenClaw before 2026.5.19 allows authenticated lower-trust users to read messages from channels outside their allowlist by abusing missing validation in message read actions. The flaw maps to CWE-862 (Missing Authorization) and carries a CVSS 4.0 score of 7.1 with high confidentiality impact; no public exploit identified at time of analysis, but a vendor patch is available.
Privilege escalation in OpenClaw before 2026.5.7 allows authenticated Matrix users to impersonate other identities by manipulating their mutable display name to match policy entries in the allowFrom feature. The flaw stems from authentication relying on a user-controlled attribute (CWE-290), letting attackers receive agent access intended for another Matrix identity. No public exploit identified at time of analysis, but a vendor patch and VulnCheck advisory are available.
OpenClaw's embedded runner policy incorrectly resolves provider aliases against other aliases rather than their canonical provider identities, enabling an authenticated local user to bypass intended provider policy restrictions. When the affected provider alias feature is active, a low-privileged attacker can select bundled tool access that falls outside the scope their policy should permit, effectively sidestepping the authorization boundary. No public exploit has been identified and no active exploitation is confirmed via CISA KEV; the local attack vector and required feature enablement materially limit real-world exposure.
Approval policy bypass in OpenClaw's Skill Workshop apply flow allows remote attackers to apply workshop configuration changes without completing the required authorization step. Versions prior to 2026.5.6 fail to enforce the `approvalPolicy: pending` gate when agent tool calls include `apply: true`, effectively granting unauthorized write access to skill configurations. No public exploit code has been identified at time of analysis; a vendor-released patch is available.
Authorization bypass in OpenClaw prior to 2026.5.6 allows authenticated Telegram users to circumvent the commands.allowFrom sender allowlist by invoking interactive callbacks that mark the caller as authorized before validation runs. Reported by VulnCheck with a vendor patch available, this CWE-863 flaw lets attackers execute restricted command behaviors outside configured Telegram sender restrictions, though no public exploit identified at time of analysis.
Command execution bypass in OpenClaw before 2026.5.12 lets low-privileged remote users smuggle inline shell content past exec allowlist revalidation by combining POSIX shell flags into a single argument. The flaw exists because parsing logic treats grouped option characters differently from discrete flags, enabling unintended command paths when the affected exec feature is enabled. No public exploit identified at time of analysis, but the issue was reported by VulnCheck and a vendor advisory plus patch are available.
Unauthenticated snapshot disclosure in Brickcom Cube, Dome, Bullet, and Box IP cameras lets anyone reachable on the camera's /ONVIF endpoint retrieve still images from the live video feed without credentials. The flaw, reported through CISA ICS-CERT (ICSA-26-162-03) and tagged as an authentication bypass, is a classic CWE-306 missing-authentication issue affecting devices typically deployed in physical-security and OT environments. No public exploit identified at time of analysis, but exploitation is trivial once the endpoint is reachable.
Unauthenticated initial-setup hijack in Hermes WebUI before 0.51.358 allows any remote attacker who can reach the settings API endpoint during the first-run window to POST the _set_password parameter, persist an arbitrary password hash, and obtain a valid administrative session cookie. The flaw, reported by VulnCheck and tracked as an improper access control (CWE-306) issue, locks the legitimate operator out of their own instance and grants full administrative control. No public exploit identified at time of analysis, but an upstream fix landed in release v0.51.358.
Local privilege escalation and self-defense bypass in CyberArk (Palo Alto Networks) Idira Endpoint Privilege Manager Agent versions prior to 26.5 allows an authenticated local attacker to circumvent internal cryptographic validation and agent tamper-protection controls. Successful exploitation lets the attacker disable EPM enforcement and execute unauthorized operations on the endpoint, undermining the very privilege-management protections the product is meant to provide. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Sandbox restriction bypass in macOS prior to Tahoe 26.1 allows a locally-installed malicious app to access sensitive user data outside its permitted sandbox scope. The flaw stems from improper access control (CWE-284) in the macOS application sandbox, a core security boundary meant to isolate app access to system resources. SSVC assessment confirms no known active exploitation and the attack is not automatable, while CVSS signals high confidentiality impact limited to local execution with low privileges.
Unauthorized access to protected user data is possible in Apple macOS prior to Tahoe 26.1, where a locally installed application can bypass system permission boundaries (CWE-284) to read data normally gated by TCC/entitlement controls. Apple has shipped a fix that adds additional restrictions, and no public exploit has been identified at time of analysis. The NVD CVSS vector advertises network exploitability, but the description clearly describes a local application abuse path, which materially changes the realistic risk picture.
Sandbox escape in Apple macOS prior to Sequoia 15.4 allows a locally installed application to break out of the App Sandbox and perform unauthorized actions outside its confinement boundary. Apple addressed the issue with improved checks; no public exploit identified at time of analysis, though SSVC rates technical impact as total.
Improper access control in Apple macOS allows a locally-executed app to cause unexpected system termination, effectively producing a denial-of-service condition against the host. All three actively-supported macOS release lines - Sequoia, Sonoma, and Ventura - are confirmed affected, with fixes delivered simultaneously across all three branches. No active exploitation is confirmed (not in CISA KEV), and the EPSS score of 0.01% at the 3rd percentile indicates negligible observed exploitation probability at time of analysis.
Improper access control via flawed authorization state management in Apple iOS/iPadOS (before 18.4) and macOS Sequoia (before 15.4) permits a locally installed app to leak sensitive user information without proper authorization. Fixed in iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4, as confirmed by Apple security advisories. No public exploit code has been identified and no active exploitation is recorded in CISA KEV at time of analysis, though SSVC flags the vulnerability as automatable with partial technical impact.
Signature metadata trust bypass in Apache CXF's JwsJsonContainerRequestFilter allows an attacker who can send JWS JSON-signed requests to inject unvalidated metadata - such as Content-Type or protected HTTP headers - by placing it in the first signature entry of a multi-signature JWS JSON token, even when that entry's signature was never verified. Affected deployments using the cxf-rt-rs-security-jose-jaxrs module may incorrectly trust attacker-controlled content type or header values, steering JAX-RS entity parsing or signed-header consistency checks in unintended ways. No public exploit code or CISA KEV listing has been identified at time of analysis; vendor-released patches 4.2.2 and 4.1.7 were published June 10, 2026.
Authentication bypass in Idira Secrets Manager SaaS Edge prior to version 1.8 allows remote unauthenticated attackers to obtain valid access tokens by submitting specially crafted requests that subvert internal validation logic. Reported by Palo Alto Networks researchers and tracked under CyberArk Security Bulletin CA26-20, the flaw carries a CVSS 4.0 score of 9.1 (Critical) due to high confidentiality and integrity impact on a product whose entire purpose is custody of enterprise secrets. There is no public exploit identified at time of analysis, but the secrets-management use case makes any token theft a high-leverage compromise.
Cross-tenant AutoMod rule deletion in Quest Bot (Discord bot) prior to 1.0.5 lets a user with Manage Server permission in any guild delete AutoMod rules belonging to other guilds. The flaw stems from looking up rules by global database ID without verifying guild ownership, and rule IDs are discoverable via the bot's autocomplete feature. No public exploit identified at time of analysis, but the GitHub Security Advisory and patched release v1.0.5 are public.
Privilege escalation in Quest Bot Discord bot versions prior to 1.0.1 allows any guild member with slash-command access to invoke moderator-only /automod add, /automod remove, and /automod list commands due to missing Discord default permission requirements and absent runtime permission checks. Exploitation enables a low-privileged member to register automod rules matching common text patterns, causing the bot to delete other users' legitimate messages. No public exploit identified at time of analysis, but the trivial nature of the abuse and public advisory increase likelihood of weaponization in active Discord servers.
Improper access control in CyberArk Conjur Enterprise (Idira Secrets Manager Self-Hosted) versions 13.8.0 and earlier allows authenticated attackers with standard node-level credentials to abuse internal cluster endpoints to retrieve unauthorized secrets or trigger denial of service. The flaw is rated CVSS 4.0 base 8.4 with high confidentiality impact extending to subsequent systems, but no public exploit identified at time of analysis. CyberArk has published Security Bulletin CA26-20 alongside fixed releases.
Server-side request forgery in Kolibri (pip/kolibri <= 0.19.3) allows network-reachable attackers to force the Kolibri server to issue outbound HTTP requests to arbitrary internal hosts, cloud metadata endpoints, and internal services, with JSON response bodies reflected directly to the caller. The primary GET endpoint at /api/auth/remotefacilityuser required no authentication whatsoever, making this exploitable by any party with network access to the Kolibri server. A working proof-of-concept was retained internally by the reporting researcher but was not published; no public exploit code exists and CISA KEV listing has not been identified at time of analysis.
Authentication bypass in Apache CXF's OAuth2 TokenIntrospectionService allows unauthenticated network access to the token introspection endpoint due to a missing 'throw' keyword in the internal security context check, causing the guard to silently pass rather than reject unauthorized callers. Affected are deployments using cxf-rt-rs-security-oauth2 versions 4.2.0-4.2.1 and all 4.1.x releases before 4.1.7 that relied solely on CXF's built-in check without independent authentication at the container or gateway layer. No public exploit code or active exploitation has been identified; vendor-confirmed patches (4.2.2 and 4.1.7) were released June 10, 2026.
Path traversal in node-tmp 0.2.6 allows remote attackers to create files or directories outside the temp directory by supplying non-string `prefix`, `postfix`, or `template` values (arrays, Buffers, or objects) whose `includes('..')` check returns falsy but whose string coercion contains `../`. The 0.2.6 `_assertPath` guard checks only strings, so JSON body fields or `qs`-parsed bracket arrays such as `?prefix[]=..` bypass it and write at attacker-controlled paths with host-process privileges. No public exploit identified at time of analysis, but the bypass pattern is trivial and the library is widely used in Node.js applications.
Insecure direct object reference (IDOR) in IBM Langflow OSS 1.0.0 through 1.9.1 allows an authenticated user to read or modify sensitive resources belonging to other users by manipulating object identifiers. The flaw carries a CVSS 8.1 (High) rating due to high confidentiality and integrity impact over the network, though EPSS exploitation probability remains low at 0.04% and there is no public exploit identified at time of analysis. SSVC classifies exploitation as 'none' but flags the issue as automatable with partial technical impact, indicating defenders should still prioritize patching given the trivial attack complexity.
Authenticated information disclosure in openSIS Classic 9.3 lets any logged-in user with messaging-module access read other users' sent messages by tampering with the mail_id parameter sent to modules/messaging/SentMail.php. The flaw is a textbook insecure direct object reference (CWE-639) with no public exploit identified at time of analysis, though the upstream commit fixing it is published on GitHub, effectively documenting the vulnerable code path.
Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API access token from pipeboard-co/meta-ads-mcp through version 1.0.108 when the server is run with the streamable-HTTP transport on a network-reachable port. The AuthInjectionMiddleware silently forwards requests lacking an Authorization or X-PIPEBOARD-API-TOKEN header, tool handlers fall back to the META_ACCESS_TOKEN environment variable, and Graph API error responses echo the request URL - including the token query parameter - back to the caller. A working proof-of-concept is published in GHSA-9gw6-46qc-99vr; no public exploit identified at time of analysis as a separate weaponized tool, but the PoC is sufficient to reproduce end-to-end.
Route-level authentication bypass in Traefik's StripPrefix middleware allows unauthenticated remote attackers to reach protected backend endpoints (e.g., /admin, /internal/config) by crafting request paths such as /api../admin or /api%2e%2e/admin. The public router matches before path normalization, but StripPrefix subsequently normalizes the path via JoinPath() so the backend receives the protected path without the authentication middleware ever running. Publicly available exploit code exists (full PoC in the advisory), patches are released, and EPSS sits at 0.22% (45th percentile) with no CISA KEV listing.
XML injection in guzzlehttp/guzzle-services allows unauthenticated remote attackers to smuggle arbitrary XML elements into outgoing API requests by embedding the CDATA terminator `]]>` in attacker-controlled input. The PHP XMLWriter::writeCData() call used by the request serializer for values containing `<`, `>`, or `&` terminates the CDATA section prematurely when the payload contains `]]>`, causing the remainder to be interpreted as raw XML markup by the downstream service. Depending on downstream service behavior, this can enable privilege escalation, parameter boundary bypass, or operation semantic manipulation — the advisory's canonical example shows injection of a `<Role>admin</Role>` element that a receiving service may honor. No public exploit has been identified at time of analysis, and this vulnerability is not in the CISA KEV catalog.
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels.8.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels.6.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect authorization checks in GitLab CE/EE expose confidential issue details to authenticated low-privileged users under specific conditions. The flaw spans an enormous version range starting from 12.0, meaning a large population of self-hosted GitLab instances running unpatched versions is potentially affected. A publicly available exploit was disclosed via HackerOne (report #3578216), which elevates practical risk above what the low CVSS score of 3.1 alone suggests, even though active exploitation has not been confirmed by CISA KEV.
Incorrect authorization enforcement in GitLab CE/EE exposes hidden merge requests to unauthorized modification by authenticated users holding developer-role permissions. The flaw spans a wide version range - from 15.10 through the patched releases 18.10.8, 18.11.5, and 19.0.2 - meaning a large proportion of self-managed GitLab deployments are potentially affected. A publicly available proof-of-concept exists via a disclosed HackerOne report, raising the practical exploitation risk beyond what the medium CVSS score alone suggests; no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.
Incorrect authorization enforcement in GitLab Enterprise Edition allows an authenticated user holding the Security Manager role to manage project security configurations even when the relevant security feature has been administratively disabled. Affecting all EE versions from 13.9 through the patched releases (18.10.8, 18.11.5, 19.0.2), the flaw bypasses the feature-disabled gate by failing to validate feature state alongside role-based permissions. No public exploit is confirmed as actively exploited (not in CISA KEV), though a publicly available HackerOne exploit report exists, and EPSS data was not provided in available intelligence.
Account takeover in GitLab Enterprise Edition versions 15.5 through 19.0.2 allows an authenticated group Owner to hijack other group members' accounts through improper authorization in the Group SAML identity management functionality. Publicly available exploit code exists via a HackerOne report, and GitLab released patched versions 18.10.8, 18.11.5, and 19.0.2 on 2026-06-10. The flaw stems from CWE-639 (Authorization Bypass Through User-Controlled Key) and yields a scope-changing high-impact compromise per CVSS 3.1.