Skip to main content

Authentication Bypass

31265 CVEs technique

Monthly

CVE-2026-11210 MEDIUM PATCH This Month

Safe Browsing bypass in Google Chrome prior to 149.0.7827.53 allows a remote attacker to circumvent discretionary access control protections by delivering a specially crafted RAR file to a victim who interacts with it. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms no authentication or elevated privileges are required on the attacker side, but exploitation depends on user interaction - the victim must engage with the malicious RAR file. The integrity impact is rated High (I:H) with no confidentiality or availability impact, indicating the primary risk is bypassing file-based access controls enforced by the Safe Browsing subsystem. No public exploit identified at time of analysis, and EPSS at 0.02% (4th percentile) reflects very low observed exploitation probability.

Authentication Bypass Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11204 MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome for iOS (versions prior to 149.0.7827.53) exploits an inappropriate implementation within the Signin component, enabling a remote attacker to circumvent navigation controls by delivering a crafted HTML page to a victim. Per CVSS (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N), no authentication is required by the attacker, but user interaction is necessary - the victim must visit or load the malicious page. No public exploit has been identified at time of analysis, SSVC reports exploitation as none, and the EPSS score of 0.02% (4th percentile) indicates very low likelihood of opportunistic exploitation; nevertheless, the high integrity impact warrants prompt patching on all managed iOS Chrome deployments.

Apple Authentication Bypass Google Suse Chrome +1
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11197 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Workers subsystem (versions prior to 149.0.7827.53) permits a remote attacker who has already compromised the renderer process to circumvent cross-origin restrictions via a crafted HTML page, resulting in high-severity integrity impact (CVSS I:H). The flaw, rooted in insufficient policy enforcement (CWE-284), functions as a second-stage chained exploit rather than an initial access vector, requiring renderer compromise as a prerequisite. No active exploitation has been identified (SSVC: exploitation none; EPSS 0.02%), and a vendor-released patch is available as of Chrome 149.0.7827.53.

Authentication Bypass Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11193 MEDIUM PATCH This Month

Insufficient policy enforcement in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote, unauthenticated attacker to bypass discretionary access control by delivering a crafted HTML page to a victim. Per the CVSS vector (C:N/I:N/A:H), the confirmed impact is high availability disruption - notably not credential exfiltration - suggesting the bypass degrades or denies Password Manager functionality rather than exposing stored credentials. No public exploit exists and EPSS sits at 0.02% (4th percentile), indicating no widespread exploitation pressure at time of analysis.

Authentication Bypass Google
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11190 MEDIUM PATCH This Month

Discretionary access control bypass in Google Chrome's Extensions subsystem affects all versions prior to 149.0.7827.53, enabling integrity compromise without exposing confidential data. Exploitation requires convincing a target user to install a crafted malicious Chrome Extension, placing social engineering at the center of any attack path. No public exploit code exists and no active exploitation has been confirmed; EPSS sits at 0.01% (1st percentile), indicating very low observed exploitation probability at time of analysis.

Authentication Bypass Google
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11189 MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome DevTools (all versions prior to 149.0.7827.53) enables circumvention of browser navigation controls through a crafted malicious Chrome Extension. Exploitation requires convincing a target user to install the malicious extension, placing this firmly in social-engineering territory rather than opportunistic mass exploitation. EPSS is extremely low at 0.02% (4th percentile), no public exploit code has been identified, and there is no CISA KEV listing, making this a moderate-priority integrity-only issue despite the CVSS 6.5 score.

Authentication Bypass Google
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11187 MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome's Glic component (versions prior to 149.0.7827.53) enables remote attackers to circumvent browser navigation controls by delivering a crafted HTML page that the victim must open. The vulnerability is rooted in an inappropriate implementation (CWE-284, Improper Access Control) within the Glic subsystem and yields limited but multi-dimensional impact across confidentiality, integrity, and availability (C:L/I:L/A:L). No public exploit identified at time of analysis and this CVE does not appear in CISA KEV; Google has assigned a 'Medium' severity rating consistent with the CVSS 6.3 score.

Authentication Bypass Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-11184 MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows a remote, unauthenticated attacker to circumvent policy enforcement in the browser's Actor component by delivering a crafted HTML page to a target user. The flaw (CWE-602) enables unauthorized navigation actions that could expose users to cross-origin manipulation or redirects with low but non-trivial confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and EPSS of 0.02% combined with SSVC exploitation status of none indicates limited active threat, though the broad attack surface of any Chrome desktop user visiting a malicious page warrants timely patching.

Authentication Bypass Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-11181 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Media Session component (prior to 149.0.7827.53) enables remote attackers to violate cross-origin isolation via a crafted HTML page. The vulnerability stems from an inappropriate implementation (CWE-346: Origin Validation Error) in the Media Session API, which fails to properly enforce origin boundaries. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; EPSS sits at 0.02% (4th percentile), consistent with low observed exploitation activity.

Authentication Bypass Google
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-11179 HIGH PATCH This Week

Site isolation bypass in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to circumvent a core browser security boundary via a crafted HTML page. The flaw resides in the Opaque Response Blocking (ORB) implementation and requires user interaction (visiting a malicious page), with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating low near-term exploitation likelihood.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-11174 MEDIUM PATCH This Month

Site Isolation bypass in Google Chrome prior to 149.0.7827.53 enables a remote attacker - who has already compromised the renderer process - to escape cross-origin protections via a crafted HTML page, exposing high-confidentiality data from other origins loaded in the browser. This is a chained, second-stage exploit component: it does not function standalone but amplifies the impact of a separate renderer compromise by breaking Chrome's primary cross-site data isolation boundary. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects low current exploitation probability despite the high confidentiality impact rating.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11142 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Paint component prior to version 149.0.7827.53 allows a remote, unauthenticated attacker to violate cross-origin integrity protections by inducing a user to visit a crafted HTML page. The flaw stems from insufficient policy enforcement in the Paint subsystem (CWE-639), enabling an attacker to write or manipulate content across origin boundaries, resulting in high integrity impact with no confidentiality or availability loss per the CVSS vector. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) indicates very low current exploitation probability.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11135 MEDIUM PATCH This Month

Insufficient policy enforcement in Google Chrome's Autofill subsystem (versions prior to 149.0.7827.53) enables remote unauthenticated attackers to bypass discretionary access control, resulting in high-integrity impact when a victim visits a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms the attack is network-delivered, low-complexity, and requires no privileges, though user interaction is a prerequisite. No public exploit code or active exploitation has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects low observed exploitation pressure.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11133 MEDIUM PATCH This Month

Insufficient same-origin policy enforcement in Google Chrome's Paint rendering component (prior to 149.0.7827.53) allows unauthenticated remote attackers to bypass SOP boundaries via a crafted HTML page, resulting in high integrity impact against the victim's browser context. The attack requires user interaction (visiting a malicious page) but no authentication or elevated privileges. No public exploit code has been identified and no CISA KEV listing exists at time of analysis; EPSS is extremely low at 0.02% (4th percentile), indicating limited observed exploitation activity in the wild.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11132 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Paint component (all versions prior to 149.0.7827.53) enables a remote unauthenticated attacker to violate cross-origin integrity protections by delivering a crafted HTML page to a victim. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms network-based, low-complexity exploitation with no privilege requirement, though victim interaction - visiting the attacker's page - is mandatory. No public exploit has been identified at time of analysis, and an EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation activity; this is not listed in CISA KEV.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11081 MEDIUM PATCH This Month

Same-Origin Policy bypass in Google Chrome's Canvas implementation affects all versions prior to 149.0.7827.53, allowing a remote unauthenticated attacker to violate cross-origin integrity guarantees through a crafted HTML page. The vulnerability carries a High integrity impact (I:H) with no confidentiality or availability consequence, meaning an attacker can write or manipulate cross-origin data rather than read it. No public exploit code has been identified at time of analysis, and EPSS at 0.02% (4th percentile) suggests minimal observed exploitation pressure currently.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11078 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's FileSystem API implementation affects all desktop versions prior to 149.0.7827.53, exploitable by a remote attacker who has already achieved renderer process compromise. Delivering a crafted HTML page to a victim who interacts with it triggers the flaw, resulting in high-integrity cross-origin impact with no confidentiality or availability consequence. No public exploit code exists and EPSS sits at 0.02% (6th percentile), but the integrity impact and its role as a renderer-escape pivot make it relevant to multi-stage exploitation chains.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11069 MEDIUM PATCH This Month

Same-origin policy bypass in the Cast component of Google Chrome (prior to 149.0.7827.53) enables a remote unauthenticated attacker to violate cross-origin integrity protections via a crafted HTML page, requiring only that the target user visit the attacker-controlled page. The CVSS vector confirms high integrity impact with no confidentiality or availability consequence, indicating the attack allows unauthorized cross-origin writes or data manipulation rather than information disclosure. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (6th percentile) signals low observed exploitation interest despite the medium-severity Chromium classification.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11048 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Extensions subsystem (versions prior to 149.0.7827.53) allows an attacker who socially engineers a user into installing a crafted malicious extension to violate cross-origin boundaries, enabling unauthorized integrity impact against content from other origins. The CVSS vector (I:H, C:N) confirms the impact is write/modify-only - sensitive data exfiltration is not a direct consequence. No public exploit code or active exploitation has been identified at time of analysis; EPSS is negligible at 0.01% (1st percentile), consistent with the social-engineering prerequisite limiting mass exploitation.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11038 MEDIUM PATCH This Month

Subresource Integrity (SRI) policy enforcement failure in Google Chrome prior to 149.0.7827.53 enables remote attackers to bypass Content Security Policy protections via malicious network traffic. Affected users who visit attacker-influenced pages may have tampered scripts or resources loaded without the expected cryptographic hash validation that SRI is designed to enforce, undermining integrity guarantees that web applications depend on as a security boundary. No active exploitation is confirmed (not in CISA KEV), EPSS is very low at 0.02% (6th percentile), and a vendor patch is available at 149.0.7827.53.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11036 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to violate cross-origin isolation boundaries through a crafted HTML page, producing high integrity impact with no confidentiality or availability loss. Rooted in an inappropriate DOM implementation (CWE-346: Origin Validation Error), the flaw allows a malicious page to cross origin boundaries and manipulate content or state belonging to a different origin. No public exploit code and no CISA KEV listing exist at time of analysis; the EPSS score of 0.02% (4th percentile) reinforces limited real-world exploitation pressure despite the medium CVSS 6.5 rating.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11026 MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome's Extensions subsystem (all versions prior to 149.0.7827.53) enables circumvention of browser-enforced navigation controls when a user installs a crafted malicious extension. Rooted in CWE-284 (Improper Access Control), the flaw allows the extension to override navigation guards - potentially enabling unauthorized redirects or bypass of URL-based security policies - with a high integrity impact per CVSS (I:H). No public exploit has been identified at time of analysis, EPSS is 0.01% (1st percentile), and the vulnerability is not listed in CISA's KEV catalog, indicating low current exploitation momentum despite a medium CVSS score of 6.5.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11025 MEDIUM PATCH This Month

Content Security Policy bypass in Google Chrome for Android prior to 149.0.7827.53 allows a remote attacker to circumvent CSP restrictions by delivering a crafted HTML page to a victim user. The flaw resides in Chrome's Navigation subsystem, where policy enforcement is insufficient, enabling injection or execution of content that CSP headers would otherwise block. No public exploit has been identified at time of analysis, and EPSS sits at the 4th percentile, but the zero-privilege-required, network-accessible attack surface warrants prompt patching on Android deployments.

Authentication Bypass Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11023 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's WebAppInstalls component allows a remote attacker who has already compromised the renderer process to circumvent cross-origin protections via a crafted HTML page, yielding high integrity impact with no confidentiality or availability loss. All Chrome versions prior to 149.0.7827.53 are affected. No public exploit code has been identified and EPSS places this at the 6th percentile (0.02%), indicating very low observed exploitation probability; this is not listed in CISA KEV.

Authentication Bypass Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11022 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome DevTools (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) within the DevTools component, yielding a High integrity impact while leaving confidentiality and availability unaffected. No public exploit code exists at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation pressure; this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Authentication Bypass Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11019 MEDIUM PATCH This Month

Domain spoofing in the Google Chrome Payments component on Android (versions prior to 149.0.7827.53) enables integrity manipulation of payment flows when an attacker has already compromised the renderer process. By serving a crafted HTML page, the attacker can make the Chrome Payments UI display a spoofed domain, potentially deceiving users into authorizing payments to attacker-controlled origins. EPSS stands at 0.03% (11th percentile), no public exploit code has been identified, and this CVE does not appear in the CISA KEV catalog.

Authentication Bypass Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11018 MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome prior to version 149.0.7827.53 enables a remote, unauthenticated attacker to circumvent browser navigation policies by delivering a crafted HTML page to a victim. The flaw resides in the 'Actor' component of the Chromium engine, where policy enforcement is insufficient, leading to a high-integrity-impact breach (CVSS I:H) without any compromise of confidentiality or availability. No public exploit code and no active exploitation have been identified at time of analysis; EPSS stands at 0.02% (4th percentile), reinforcing a currently low real-world exploitation probability.

Authentication Bypass Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11017 MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome's Link Preview feature allows a remote attacker who has already compromised the renderer process to circumvent intended browsing boundaries via a crafted HTML page. All Chrome versions prior to 149.0.7827.53 on desktop are affected. The real-world threat is as a second-stage exploitation primitive within a browser attack chain - an attacker leverages this CWE-284 flaw to escape navigation controls after gaining an initial foothold in the renderer, achieving high integrity impact with no confidentiality or availability loss. No public exploit code has been identified and EPSS stands at 0.02% (4th percentile), indicating low observed exploitation probability at time of analysis.

Authentication Bypass Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11016 MEDIUM PATCH This Month

Same origin policy bypass in Google Chrome's Network component (prior to 149.0.7827.53) enables an attacker who has already compromised the renderer process to exfiltrate or manipulate cross-origin data via a crafted HTML page. The integrity impact is rated High (I:H) with no confidentiality or availability impact, meaning the primary risk is unauthorized cross-origin writes or request forgery rather than data theft. No public exploit code has been identified at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation probability despite the medium CVSS score.

Authentication Bypass Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11014 MEDIUM PATCH This Month

Site isolation bypass in Google Chrome prior to version 149.0.7827.53 enables an attacker to circumvent Chrome's site isolation security boundary through a crafted malicious extension, resulting in high integrity impact (I:H per CVSS). The attack is gated by user interaction - specifically, the victim must be convinced to install the malicious extension - after which the extension exploits insufficient policy enforcement in Chrome's Extensions subsystem to cross site isolation boundaries without authorization. No public exploit has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates negligible current exploitation interest.

Authentication Bypass Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11011 HIGH PATCH This Week

Site isolation bypass in Google Chrome's Password Manager prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape cross-origin protections via a crafted HTML page. The flaw stems from insufficient policy enforcement (CWE-602) and chains with a prior renderer compromise, making it a post-exploitation primitive rather than a standalone entry point. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as Medium.

Authentication Bypass Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-11001 MEDIUM PATCH This Month

UI spoofing in Google Chrome's Payments subsystem (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to manipulate what the victim sees during a payment flow, achieving high-integrity impact by deceiving users into authorizing fraudulent transactions or submitting payment credentials to attacker-controlled surfaces. The attack requires the victim to visit a crafted HTML page and perform specific UI gestures, as confirmed by the CVSS UI:R designation. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% at the 11th percentile indicates minimal current exploitation activity despite the network-reachable attack vector.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10997 MEDIUM PATCH This Month

Insufficient policy enforcement in Google Chrome's Extensions subsystem prior to version 149.0.7827.53 allows a crafted extension to bypass discretionary access controls (DAC), producing high-integrity impact with no confidentiality or availability consequence. Exploitation requires an attacker to socially engineer a user into installing a malicious extension, after which the extension subverts Chrome's permission boundary enforcement. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog; EPSS is extremely low at 0.01% (1st percentile), consistent with no observed mass exploitation.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10996 MEDIUM PATCH This Month

Same Origin Policy bypass in Google Chrome's Workers implementation (versions prior to 149.0.7827.53) allows an unauthenticated remote attacker to violate cross-origin integrity boundaries by luring a victim to a crafted HTML page. The CVSS vector confirms no privileges are required but user interaction is necessary, yielding a High integrity impact with no confidentiality or availability consequence. No public exploit has been identified and EPSS stands at 0.02% (4th percentile), indicating no confirmed active exploitation at time of analysis.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10980 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's DevTools component (all versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to bypass SOP protections via a crafted HTML page, resulting in a high-integrity impact with no confidentiality or availability loss. The attack requires user interaction (victim must visit a malicious page) and a prior renderer process compromise as a chained prerequisite, materially constraining real-world exploitability beyond the raw CVSS score implies. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog; EPSS probability stands at 0.02% (6th percentile), consistent with a low-probability exploitation scenario.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10938 MEDIUM PATCH This Month

Site isolation bypass in Google Chrome prior to 149.0.7827.53 enables a remote attacker - who has already compromised the renderer process - to escape cross-origin protections via a crafted HTML page. The vulnerability stems from inappropriate handling of the Input component (CWE-20: Improper Input Validation) within Chromium's renderer, allowing crafted input to undermine the site isolation security boundary and produce high-integrity impact against cross-origin resources. No public exploit has been identified at time of analysis, and EPSS places exploitation probability at 0.02% (6th percentile), consistent with the renderer pre-compromise prerequisite that constrains standalone exploitation.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10937 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Passwords component prior to version 149.0.7827.53 allows remote attackers to access cross-origin resources via a crafted HTML page that a victim must visit. Rated High severity by Chromium with a CVSS of 8.1, the flaw enables exposure or modification of sensitive data across origin boundaries when a user is lured to attacker-controlled content. EPSS probability is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, but a vendor patch is available.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10922 HIGH PATCH This Week

Same-origin policy bypass in Google Chrome's DevTools component prior to version 149.0.7827.53 allows remote attackers to violate browser security boundaries when victims perform specific UI gestures on attacker-controlled pages. The flaw stems from insufficient validation of untrusted input within DevTools and is rated High severity by Chromium with a CVSS of 8.8, though no public exploit identified at time of analysis and EPSS is very low at 0.02%.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10912 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Extensions component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to perform unauthorized cross-origin actions via a crafted HTML page. The vulnerability stems from insufficient input validation (CWE-20) in the Extensions subsystem and carries a CVSS integrity impact of High with no confidentiality or availability loss. No active exploitation has been confirmed - EPSS sits at 0.02% (6th percentile), SSVC exploitation status is 'none', and the CVE is not listed in CISA KEV - but a vendor-released patch is available.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-5502 HIGH This Week

On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Eos
NVD
CVSS 4.0
8.2
EPSS
0.0%
CVE-2024-27892 HIGH This Week

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Eos
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2024-27890 HIGH This Week

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Eos
NVD
CVSS 4.0
7.2
EPSS
0.3%
CVE-2024-27891 MEDIUM PATCH This Month

On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Eos
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-48579 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Information disclosure in Microsoft Exchange Online allows remote unauthenticated attackers to access sensitive data due to improper authorization enforcement (CWE-285). The flaw carries a CVSS 9.1 score reflecting network-reachable exploitation without privileges or user interaction, though no public exploit identified at time of analysis. Microsoft has issued a fix through its cloud service, and the CVSS vector indicates high confidentiality and integrity impact despite the description focusing on disclosure.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-48567 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Privilege elevation in Microsoft Azure HorizonDB allows remote unauthenticated attackers to bypass authentication via identity spoofing and gain elevated access across trust boundaries. The CVSS 10.0 score reflects network-reachable exploitation with no privileges or user interaction required, and a scope change indicating impact beyond the initially vulnerable component. No public exploit identified at time of analysis, but a Microsoft-issued patch is available via MSRC.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-41522 HIGH PATCH This Week

Authorization bypass in DFIR-IRIS prior to v2.4.28 allows any authenticated user to read IOCs across cases they should not access, perform bulk IOC disclosure, and create cases without role checks via an optional GraphQL endpoint at /graphql. No public exploit identified at time of analysis, but the trivial nature of the IDOR (simply supplying an arbitrary caseId to the GraphQL resolver) makes weaponization straightforward for anyone with valid platform credentials. EPSS data not provided; the vulnerability is not listed in CISA KEV.

Authentication Bypass Python
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-21404 MEDIUM CISA This Month

Hard-coded credentials embedded in NAVTOR NavBox's Windows Communication Foundation (SOAP) implementation allow a local low-privileged attacker to extract static credentials and authenticate against privileged WCF methods, enabling arbitrary file write or overwrite within application-defined paths. All NavBox versions through 4.16.1.20 are affected when the SOAP interface is enabled. CISA ICS-CERT has issued advisory ICSA-26-155-01 for this OT/maritime navigation product; no public exploit has been identified at time of analysis, though the ICS context elevates operational safety concern.

Authentication Bypass Microsoft Navbox Firmware
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-48016 PHP MEDIUM PATCH GHSA This Month

Unauthorized payment triggering in Shopware's `/store-api/handle-payment` endpoint allows any low-privileged Store API caller - including guest checkout contexts - to initiate or retry the payment flow for another customer's order by supplying a known foreign `orderId`. The flaw affects `shopware/platform` and `shopware/core` versions below 6.6.10.18 and versions 6.7.0.0 through 6.7.10.0, and is confirmed fixed in releases 6.6.10.18 and 6.7.10.1 per GitHub advisory GHSA-9v5m-39wh-5chq. No public exploit code or CISA KEV listing has been identified at time of analysis, and the CVSS score of 4.3 (Medium) reflects limited scope: integrity of order and payment workflows is the primary risk, with no direct confidentiality or availability impact.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-48014 PHP MEDIUM PATCH GHSA This Month

Order state transition endpoints in Shopware's Admin API expose a vertical authorization bypass (CWE-862) where authenticated low-privileged users can manipulate order lifecycle states - including cancellation, fulfillment, and payment transitions - without holding the required `order:update` ACL privilege. The structural gap exists across both the 6.6.x and 6.7.x release lines because the affected routes in `OrderActionController.php` carry no ACL metadata, causing `AclAnnotationValidator` to exit without enforcing any privilege check, and the downstream `StateMachineRegistry` then executes writes under `Context::SYSTEM_SCOPE`. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but exploitation is mechanically trivial for any authenticated Admin API user regardless of their assigned role.

PHP Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-48008 PHP MEDIUM PATCH GHSA This Month

Privilege escalation in Shopware's Sync API allows an authenticated API user holding the `integration:create` ACL to self-elevate to full administrator by posting `admin: true` via `POST /api/_action/sync`. The dedicated `IntegrationController` correctly enforces an admin-only guard on this field, but the Sync API routes writes through `SyncService → EntityWriter::upsert()`, which only validates entity-level ACL and `WriteProtection` flags - neither of which are present on the `admin` BoolField in `IntegrationDefinition`. Affected are `shopware/platform` and `shopware/core` prior to 6.6.10.18 and prior to 6.7.10.1; no public exploit or CISA KEV listing is confirmed at time of analysis, though the attack is mechanically trivial for any credential holder with the prerequisite ACL.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-47671 Go MEDIUM PATCH GHSA This Month

Unauthenticated cross-origin read and write access to local development secrets in the Nhost CLI configserver affects all developers running `nhost dev` with CLI versions prior to 1.46.0. The hidden `configserver` subcommand exposes a Mimir GraphQL API with no-op authorization middleware and wildcard CORS (`Access-Control-Allow-Origin: *`), allowing any web page from an arbitrary origin to exfiltrate Hasura admin secrets, JWT signing keys, webhook secrets, and Grafana credentials, or inject attacker-controlled values into the local `.secrets` file. Publicly available exploit code exists within the security advisory itself; this CVE is not listed in CISA KEV, so no confirmed active exploitation in the wild is established at time of analysis.

Authentication Bypass Grafana
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-25550 CRITICAL Act Now

Unauthenticated remote code execution in Seagull Software BarTender 2010, 2016 (<=R9), and 2019 (<=R10) is reachable over TCP/7375 through the BtSystem.Service.exe .NET Remoting endpoint, which runs as NT AUTHORITY\SYSTEM. The exposed singleton uses BinaryServerFormatterSinkProvider with TypeFilterLevel=Full, allowing attackers to abuse deserialization-style object unmarshalling to read/write arbitrary files, coerce NTLMv2 authentication via UNC paths, or pivot to full code execution. No public exploit identified at time of analysis, but the VulnCheck advisory documents the attack primitives in detail.

Authentication Bypass RCE Bartender 2010 Bartender 2016 Bartender 2019
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-50266 PyPI LOW PATCH Monitor

Incorrect RBAC policy in OpenStack Neutron before 28.0.1 allows an authenticated project manager to set device_owner on ports of shared networks they do not own to privileged network-service values (e.g., 'network:dhcp'), obtaining trusted network-service port behavior without owning the underlying network. Depending on backend and deployment configuration, this enables DHCP, MAC, or IP spoofing against co-tenants sharing that network, effectively bypassing anti-spoofing and security group protections. This is a confirmed regression of CVE-2015-5240 (OSSA-2015-018); no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

Authentication Bypass Neutron
NVD VulDB
CVSS 3.1
2.2
EPSS
0.0%
CVE-2026-10815 LOW POC Monitor

Missing authorization on the Admin Dashboard endpoint of LakshayD02's Hostel-Management-System-PHP allows low-privileged authenticated users to manipulate the ID parameter in hostel/index.php to access or modify records beyond their permitted scope. All commits up to f87e67c283bab6f718faf2fec6ae39a13bd7036b are affected; the project uses no formal versioning, so no unaffected release exists. Publicly available exploit code exists, and the project maintainer had not responded to coordinated disclosure at time of reporting.

PHP Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-45730 Go HIGH PATCH GHSA This Week

{id}) or delete (DELETE /api/projects) any project on the platform, triggering cascading deletion of associated Functions, APIGateways, and FunctionEvents. The write paths construct PermissionOptions without setting MemberIds, causing the platform-layer FilterProjectsByPermissions to short-circuit and skip OPA enforcement entirely. Publicly available exploit code exists (detailed working PoC in the advisory), and the issue is fixed in Nuclio 1.16.0 via PR #4107.

Authentication Bypass Python Docker Kubernetes
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-45337 npm HIGH PATCH GHSA This Week

Account takeover in Better Auth's deviceAuthorization plugin (versions >= 1.6.0, < 1.6.11) allows an authenticated attacker who learns a pending user_code to bind a victim's polling device to the attacker's session or deny the legitimate sign-in. The flaw stems from a missing ownership claim at the verification step combined with a short-circuited owner check on approve/deny endpoints. No public exploit identified at time of analysis, but the patch PR and detailed advisory provide a clear roadmap for exploitation.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-45056 Cargo MEDIUM PATCH GHSA This Month

Sender identity spoofing in matrix-sdk-crypto (Rust crate) versions 0.12.0 through 0.16.0 allows a malicious or colluding homeserver operator to forge the apparent sender of Olm-encrypted to-device messages by supplying manipulated `sender_device_keys` without a corresponding user ID validation check. The vulnerability is classified as CWE-290 (Authentication Bypass by Spoofing) and is patched in version 0.16.1. No public exploit code exists and this CVE is not listed in CISA KEV, but the attack's reliance on homeserver-level access defines a concrete and realistic threat model for federated Matrix deployments where server trust is not absolute.

Authentication Bypass
NVD GitHub
EPSS
0.1%
CVE-2026-44476 Ruby MEDIUM PATCH GHSA This Month

Authentication bypass in doorkeeper-openid_connect's Dynamic Client Registration feature allows any party with a known client_id to obtain OAuth access tokens without supplying a client_secret. The root defect is in DynamicClientRegistrationController#register (dynamic_client_registration_controller.rb:18-25), which hard-codes confidential: false on every dynamically registered application while simultaneously returning a client_secret in the response and advertising client_secret_basic/client_secret_post auth methods. Because Doorkeeper's Application.by_uid_and_secret accepts a nil secret as valid for public (non-confidential) clients, the secret returned at registration is functionally decorative - any caller can authenticate at the token endpoint using only the public client_id. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists, but the advisory includes verbatim reproduction steps that document the bypass in full detail.

Authentication Bypass
NVD GitHub
EPSS
0.1%
CVE-2026-5228 HIGH This Week

Authorization bypass in Kurt Software Studio WriteUp Mobile App versions 1.3.0 through 04062026 allows authenticated users to access functionality outside their permitted scope, leading to high confidentiality, integrity, and availability impact. The flaw, reported by Turkey's national CERT (TR-CERT), stems from missing ACL enforcement on application functions reachable over the network with low privileges. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Authentication Bypass Writeup Mobile App
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10860 HIGH PATCH This Week

Authorization bypass in MISP versions through 2.5.38 lets authenticated users delete records via HTTP DELETE requests even after the application's delete-validation callback has rejected the operation. The root cause is an operator-precedence bug in the CRUDComponent::delete() handler where missing parentheses caused validation checks to be skipped for the DELETE method. No public exploit identified at time of analysis, but the upstream fix commit on GitHub publicly discloses the exact one-line vulnerable expression, making weaponization trivial.

Authentication Bypass Misp
NVD GitHub VulDB
CVSS 4.0
7.9
EPSS
0.0%
CVE-2019-25738 CRITICAL POC Act Now

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass WordPress
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-10855 MEDIUM PATCH This Month

Authorization bypass in MISP's Event Template Importer allows authenticated users with template import privileges to overwrite event templates owned by other organizations on the same shared instance, violating inter-organizational data ownership boundaries. Versions up to and including 2.5.38 are affected; the overwrite workflow confirmed template existence but omitted an organizational ownership check, enabling cross-org template corruption. No public exploit code has been identified at time of analysis and SSVC signals no active exploitation, but the integrity impact is operationally significant in multi-tenant MISP deployments where organizational trust boundaries are critical.

Authentication Bypass Misp
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-62338 LOW Monitor

Local information exposure in HCL BigFix Cloud Lifecycle Management stems from insufficient input validation, allowing a locally authenticated low-privileged user to access data they should not be authorized to view. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires local system access and a low-privilege account. No active exploitation has been confirmed and no public exploit code is known at time of analysis. Despite a tag of 'Authentication Bypass,' the PR:L vector indicates some authentication is required - this discrepancy should be clarified with the vendor advisory.

Authentication Bypass Information Disclosure Bigfix Cloud Lifecycle Management
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-45432 HIGH This Week

Credential disclosure in GX Earth ONT (Optical Network Terminal) devices allows remote attackers positioned on the network path to capture administrative authentication material by sniffing the unencrypted HTTP web management interface. The flaw scores CVSS 4.0 8.7 (High) with CWE-319 (Cleartext Transmission of Sensitive Information), and no public exploit identified at time of analysis, though interception techniques are well-understood and trivial to execute on shared media.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-50226 MEDIUM This Month

Hardcoded AES-128-CBC cryptographic keys embedded in the AcerConnect OTA application allow unauthenticated remote attackers to forge authorization credentials for arbitrary IMEI numbers against the Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019). Once credentials are forged, attackers can enumerate OTA catalog items and retrieve protected firmware binaries via pre-signed cloud storage links. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the static nature of the hardcoded key means any actor who obtains the application binary can trivially reproduce the attack.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-50225 HIGH This Week

Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows remote attackers to exhaust storage by repeatedly invoking /v1/account/register without rate limiting, CAPTCHA, or other bot mitigation. The flaw affects firmware up to and including M6E_AI_1.00.000019 and carries a CVSS 4.0 score of 8.8 driven primarily by a high availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-4881 MEDIUM POC PATCH This Month

Server-level configuration changes can be made by any authenticated low-privilege user in Octopus Server through a specific API endpoint that fails to enforce authorization correctly, despite returning an error response to the caller. The flaw affects multiple active release lines - 2026.1.x, 2025.4.x, and 2023.x - and carries a CVSS 4.0 score of 6.0 with high availability impact on the vulnerable system. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Octopus Server
NVD VulDB GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-50213 HIGH This Week

Mass user data harvesting on the Acer Connect M6E 5G Portable WiFi Router is possible because the unauthenticated /v1/User/validate endpoint returns full user profile sheets keyed by predictable identifier strings. Remote attackers can iterate through identifiers to scrape every account's profile data without credentials, and no public exploit identified at time of analysis though the trivial attack pattern makes weaponization straightforward.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-49204 MEDIUM This Month

Hard-coded AWS Cognito credentials embedded in leftover debug modules of the Acer Connect M6E 5G Portable WiFi Router expose internal cloud test sandbox environments to remote unauthenticated attackers. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication, no network proximity, and no user interaction is required, meaning any attacker who obtains the static credentials - through firmware extraction or disclosure - can authenticate to Acer's AWS Cognito-backed test infrastructure. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-49202 HIGH This Week

Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets remote attackers retrieve sensitive recorded session data, and overly permissive CORS rules amplify the issue by enabling cross-origin theft from any web context a victim visits. CVSS 4.0 rates this 8.8 (high) with network attack vector, no privileges, and no user interaction; no public exploit identified at time of analysis.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-49203 HIGH This Week

Unauthorized eSIM profile manipulation in the Acer Connect M6E 5G Portable WiFi Router allows adjacent attackers to rewrite or delete cellular eSIM profiles without authentication because management API endpoints fail to validate caller authorization. The flaw maps to CWE-287 (Improper Authentication) and is reported by Acer with CVSS 4.0 score 7.2, with no public exploit identified at time of analysis.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-49194 CRITICAL Act Now

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a debug routine (SCREEN_CLICK opcode 5053) that skips the device login prompt and drops the caller directly into an interactive shell. CVSS 4.0 rates the issue 9.4 with scope change and high impact on confidentiality, integrity, and availability of both the router and connected subsystems; no public exploit identified at time of analysis.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-49192 MEDIUM This Month

Insecure Direct Object Reference (IDOR) in the Acer Connect M6E 5G Portable WiFi Router's summary service endpoint allows authenticated remote users to access device data belonging to other users by supplying arbitrary hardware serial numbers the endpoint fails to validate against session ownership. The vulnerability affects all tracked versions per CPE data, requires only a valid authenticated session, and involves no user interaction or special configuration. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-49191 CRITICAL Act Now

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded backend API keys through verbose error pages, enabling remote unauthenticated attackers to harvest credentials and gain full administrative control over the device. CVSS 4.0 scores this 9.3 (Critical) with no privileges or user interaction required, though no public exploit has been identified at time of analysis.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-49186 HIGH This Week

Authentication bypass on the local MQTT broker of the Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allows any connected client to subscribe with wildcard topics (# or +) and either enumerate hidden network devices or publish rogue control commands. CVSS 4.0 rates this 8.6 (High) with network attack vector and high confidentiality/integrity/availability impact; no public exploit identified at time of analysis and the issue is not in CISA KEV.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-10597 MEDIUM This Month

Insecure Direct Object Reference in ITPison's OMICARD EDM (an email marketing platform) enables unauthenticated remote attackers to manipulate a specific request parameter to retrieve arbitrary users' email addresses without authorization. The CVSS vector AV:N/AC:L/PR:N/UI:N confirms fully remote, zero-authentication exploitation requiring no user interaction, though impact is bounded to low-level confidentiality loss with no integrity or availability consequence. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.

Authentication Bypass Omicard Edm
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-10737 HIGH This Week

Unauthenticated information disclosure in the SP Project & Document Manager WordPress plugin (versions up to and including 4.71) allows remote attackers to enumerate file metadata and obtain download links for arbitrary files stored within project folders. The flaw stems from a broken authorization gate in the view_file AJAX handler where a negated nonce check is OR-chained with permission checks, causing the entire condition to evaluate true when no valid nonce is supplied. No public exploit identified at time of analysis, and the CVSS 7.5 score reflects confidentiality-only impact with no integrity or availability consequences.

PHP Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-36180 MEDIUM This Month

Runtime integrity bypass on GNCC GP5 firmware v7.1.76 enables a physically-proximate unauthenticated attacker to circumvent file system read-only protections via a bind-mount attack, allowing arbitrary modification of system files and binaries for the current boot session. The device, an IoT platform, lacks enforcement of filesystem immutability at runtime, meaning a read-only mount can be shadowed by a writable bind-mount without detection. No public exploit has been confirmed beyond the published IoT vulnerability research linked in references, and exploitation probability is very low at 0.02% EPSS (4th percentile), consistent with the physical-access requirement.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-67446 CRITICAL Act Now

Authentication bypass in Neterbit NW-431F routers running firmware 20241014-IR03 and earlier allows remote unauthenticated attackers to gain administrative access by simply setting a session cookie value to a predictable string such as 'admin'. The CVSS 9.8 rating reflects trivial network exploitability with full confidentiality, integrity, and availability impact, and a public proof-of-concept exists in the referenced GitHub repository, though the issue is not currently listed in CISA KEV.

Authentication Bypass Session Fixation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-35904 CRITICAL Act Now

Unauthenticated Telnet service activation in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allows remote attackers to enable Telnet by sending a crafted request to a vulnerable CGI component in the web management interface. SSVC scores the technical impact as total with automatable exploitation and a public proof-of-concept available, although EPSS remains low at 0.02% and the CVE is not currently listed in CISA KEV.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-35905 CRITICAL Act Now

Hardcoded root credentials in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allow remote unauthenticated attackers to gain full root-level control via the built-in 'superadmin' account. The CVSS 9.8 rating reflects network-reachable, no-interaction exploitation with total impact to confidentiality, integrity, and availability, and SSVC marks the issue as automatable with total technical impact. No public exploit identified at time of analysis, and EPSS remains very low (0.02%) despite the severity, suggesting limited current scanning activity.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-36175 MEDIUM This Month

U-Boot bootloader authentication bypass on GNCC GP5 v7.1.76 grants a physically-proximate attacker full root access to the device by interrupting the boot sequence and injecting crafted kernel boot arguments. The vulnerability stems from insufficient input validation in the bootloader's handling of kernel command-line parameters, allowing an attacker to override security controls set during the normal boot process. Publicly available exploit code exists via a GitHub IoT vulnerability research repository; no CISA KEV listing has been identified at time of analysis, consistent with the physical-access prerequisite limiting widespread automated exploitation.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-36176 HIGH This Week

Plaintext exposure of pre-signed Backblaze B2 upload URLs in GNCC GP5 camera firmware v7.1.76 allows physically-proximate attackers with serial UART access to harvest live cloud storage tokens. The leaked PUT URLs enable unauthorized write operations against the device's Backblaze B2 cloud storage bucket until the tokens expire. No public exploit identified at time of analysis, though a public research write-up describing the issue is referenced.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-10777 MEDIUM POC This Month

Authentication bypass in ealpha072's Student-Management-System PHP application exposes the administrative backend to remote unauthenticated attackers via a flaw in admin/config.php. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero prerequisites - no privileges, no user interaction, no special attack conditions - and a proof-of-concept exploit is publicly available via a GitHub issue report. The vendor has not responded to responsible disclosure and no patched release has been issued, leaving all deployments at or before commit 01451bd7a2f58cdda07bd0b86e3967582e3ecd08 without an official remediation path.

PHP Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-22055 MEDIUM This Month

Hard-coded credentials embedded in NetApp Active IQ OneCollect 2.7.3 allow any low-privileged authenticated user to perform unauthorized AutoSupport operations beyond their intended authorization scope. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) confirms network-accessible exploitation with low complexity, requiring only a low-privilege account with no special attack conditions. No public exploit has been identified and the vulnerability does not appear in the CISA KEV catalog at time of analysis.

Authentication Bypass Active Iq Onecollect
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-22054 MEDIUM This Month

Hard-coded credentials in NetApp Active IQ Config Advisor 6.7.3 enable authenticated low-privileged attackers to perform unauthorized AutoSupport operations against connected NetApp infrastructure. The embedded credentials bypass intended access controls, allowing any account holder to trigger or manipulate AutoSupport telemetry functions beyond their assigned privilege level. No public exploit code exists and this vulnerability has not been added to the CISA KEV catalog at time of analysis.

Authentication Bypass Active Iq Config Advisor
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-8879 HIGH This Week

Denial of service in Securly Chrome Extension 3.0.7 allows remote attackers to render all web browsing unusable when the extension's filtering service is unreachable. The extension dynamically registers an undeclared content script (content13.min.js) at runtime via chrome.scripting.registerContentScripts(), hiding every page behind a full-page overlay until the service worker validates the page; if Securly's servers fail or are blocked, pages remain indefinitely blank. No public exploit identified at time of analysis, and EPSS rates exploitation probability at 0.02% (5th percentile).

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8876 HIGH This Week

Hardcoded cryptographic secrets in Securly Chrome Extension version 3.0.7 allow remote attackers to decrypt sensitive crisis alert keyword lists and intervention site data shipped with the extension. The plaintext AES passphrases embedded in securly.min.js can be extracted by anyone who installs or inspects the extension, exposing the proprietary detection logic used to safeguard students. No public exploit has been identified at time of analysis, and EPSS rates exploitation probability at 0.02% (4th percentile), but the trivial extractability of the keys means any motivated actor can replicate the disclosure.

Google Authentication Bypass Chrome
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-41283 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in OpenStack Mistral through version 22.0.0 allows authenticated attackers with low privileges to execute arbitrary code via exposed API endpoints, leading to exfiltration of service credentials and full compromise of the workflow service. The CVSS 9.9 score reflects scope change (S:C) meaning impact extends beyond Mistral itself into other OpenStack components whose credentials it holds. There is no public exploit identified at time of analysis, but the vulnerability is tagged as Authentication Bypass and RCE, and disclosure occurred via oss-security with vendor coordination.

RCE Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-46244 CRITICAL PATCH Act Now

Firewall bypass in the Linux kernel's netfilter nft_inner module (versions 6.2 and later) allows remote attackers to forge transport headers in tunneled IPv6 packets due to a desynchronization between the computed inner transport header offset and the parsed L4 protocol. The flaw enables crafted IPv6 packets carrying extension headers to evade nftables inner-payload matching rules, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating negligible observed exploitation activity.

Authentication Bypass Linux Memory Corruption
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Safe Browsing bypass in Google Chrome prior to 149.0.7827.53 allows a remote attacker to circumvent discretionary access control protections by delivering a specially crafted RAR file to a victim who interacts with it. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms no authentication or elevated privileges are required on the attacker side, but exploitation depends on user interaction - the victim must engage with the malicious RAR file. The integrity impact is rated High (I:H) with no confidentiality or availability impact, indicating the primary risk is bypassing file-based access controls enforced by the Safe Browsing subsystem. No public exploit identified at time of analysis, and EPSS at 0.02% (4th percentile) reflects very low observed exploitation probability.

Authentication Bypass Google Red Hat +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome for iOS (versions prior to 149.0.7827.53) exploits an inappropriate implementation within the Signin component, enabling a remote attacker to circumvent navigation controls by delivering a crafted HTML page to a victim. Per CVSS (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N), no authentication is required by the attacker, but user interaction is necessary - the victim must visit or load the malicious page. No public exploit has been identified at time of analysis, SSVC reports exploitation as none, and the EPSS score of 0.02% (4th percentile) indicates very low likelihood of opportunistic exploitation; nevertheless, the high integrity impact warrants prompt patching on all managed iOS Chrome deployments.

Apple Authentication Bypass Google +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Workers subsystem (versions prior to 149.0.7827.53) permits a remote attacker who has already compromised the renderer process to circumvent cross-origin restrictions via a crafted HTML page, resulting in high-severity integrity impact (CVSS I:H). The flaw, rooted in insufficient policy enforcement (CWE-284), functions as a second-stage chained exploit rather than an initial access vector, requiring renderer compromise as a prerequisite. No active exploitation has been identified (SSVC: exploitation none; EPSS 0.02%), and a vendor-released patch is available as of Chrome 149.0.7827.53.

Authentication Bypass Google Red Hat +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote, unauthenticated attacker to bypass discretionary access control by delivering a crafted HTML page to a victim. Per the CVSS vector (C:N/I:N/A:H), the confirmed impact is high availability disruption - notably not credential exfiltration - suggesting the bypass degrades or denies Password Manager functionality rather than exposing stored credentials. No public exploit exists and EPSS sits at 0.02% (4th percentile), indicating no widespread exploitation pressure at time of analysis.

Authentication Bypass Google
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Discretionary access control bypass in Google Chrome's Extensions subsystem affects all versions prior to 149.0.7827.53, enabling integrity compromise without exposing confidential data. Exploitation requires convincing a target user to install a crafted malicious Chrome Extension, placing social engineering at the center of any attack path. No public exploit code exists and no active exploitation has been confirmed; EPSS sits at 0.01% (1st percentile), indicating very low observed exploitation probability at time of analysis.

Authentication Bypass Google
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome DevTools (all versions prior to 149.0.7827.53) enables circumvention of browser navigation controls through a crafted malicious Chrome Extension. Exploitation requires convincing a target user to install the malicious extension, placing this firmly in social-engineering territory rather than opportunistic mass exploitation. EPSS is extremely low at 0.02% (4th percentile), no public exploit code has been identified, and there is no CISA KEV listing, making this a moderate-priority integrity-only issue despite the CVSS 6.5 score.

Authentication Bypass Google
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome's Glic component (versions prior to 149.0.7827.53) enables remote attackers to circumvent browser navigation controls by delivering a crafted HTML page that the victim must open. The vulnerability is rooted in an inappropriate implementation (CWE-284, Improper Access Control) within the Glic subsystem and yields limited but multi-dimensional impact across confidentiality, integrity, and availability (C:L/I:L/A:L). No public exploit identified at time of analysis and this CVE does not appear in CISA KEV; Google has assigned a 'Medium' severity rating consistent with the CVSS 6.3 score.

Authentication Bypass Google Red Hat +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows a remote, unauthenticated attacker to circumvent policy enforcement in the browser's Actor component by delivering a crafted HTML page to a target user. The flaw (CWE-602) enables unauthorized navigation actions that could expose users to cross-origin manipulation or redirects with low but non-trivial confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and EPSS of 0.02% combined with SSVC exploitation status of none indicates limited active threat, though the broad attack surface of any Chrome desktop user visiting a malicious page warrants timely patching.

Authentication Bypass Google Red Hat +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Media Session component (prior to 149.0.7827.53) enables remote attackers to violate cross-origin isolation via a crafted HTML page. The vulnerability stems from an inappropriate implementation (CWE-346: Origin Validation Error) in the Media Session API, which fails to properly enforce origin boundaries. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; EPSS sits at 0.02% (4th percentile), consistent with low observed exploitation activity.

Authentication Bypass Google
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Site isolation bypass in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to circumvent a core browser security boundary via a crafted HTML page. The flaw resides in the Opaque Response Blocking (ORB) implementation and requires user interaction (visiting a malicious page), with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating low near-term exploitation likelihood.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Site Isolation bypass in Google Chrome prior to 149.0.7827.53 enables a remote attacker - who has already compromised the renderer process - to escape cross-origin protections via a crafted HTML page, exposing high-confidentiality data from other origins loaded in the browser. This is a chained, second-stage exploit component: it does not function standalone but amplifies the impact of a separate renderer compromise by breaking Chrome's primary cross-site data isolation boundary. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects low current exploitation probability despite the high confidentiality impact rating.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Paint component prior to version 149.0.7827.53 allows a remote, unauthenticated attacker to violate cross-origin integrity protections by inducing a user to visit a crafted HTML page. The flaw stems from insufficient policy enforcement in the Paint subsystem (CWE-639), enabling an attacker to write or manipulate content across origin boundaries, resulting in high integrity impact with no confidentiality or availability loss per the CVSS vector. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) indicates very low current exploitation probability.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in Google Chrome's Autofill subsystem (versions prior to 149.0.7827.53) enables remote unauthenticated attackers to bypass discretionary access control, resulting in high-integrity impact when a victim visits a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms the attack is network-delivered, low-complexity, and requires no privileges, though user interaction is a prerequisite. No public exploit code or active exploitation has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects low observed exploitation pressure.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient same-origin policy enforcement in Google Chrome's Paint rendering component (prior to 149.0.7827.53) allows unauthenticated remote attackers to bypass SOP boundaries via a crafted HTML page, resulting in high integrity impact against the victim's browser context. The attack requires user interaction (visiting a malicious page) but no authentication or elevated privileges. No public exploit code has been identified and no CISA KEV listing exists at time of analysis; EPSS is extremely low at 0.02% (4th percentile), indicating limited observed exploitation activity in the wild.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Paint component (all versions prior to 149.0.7827.53) enables a remote unauthenticated attacker to violate cross-origin integrity protections by delivering a crafted HTML page to a victim. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms network-based, low-complexity exploitation with no privilege requirement, though victim interaction - visiting the attacker's page - is mandatory. No public exploit has been identified at time of analysis, and an EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation activity; this is not listed in CISA KEV.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-Origin Policy bypass in Google Chrome's Canvas implementation affects all versions prior to 149.0.7827.53, allowing a remote unauthenticated attacker to violate cross-origin integrity guarantees through a crafted HTML page. The vulnerability carries a High integrity impact (I:H) with no confidentiality or availability consequence, meaning an attacker can write or manipulate cross-origin data rather than read it. No public exploit code has been identified at time of analysis, and EPSS at 0.02% (4th percentile) suggests minimal observed exploitation pressure currently.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's FileSystem API implementation affects all desktop versions prior to 149.0.7827.53, exploitable by a remote attacker who has already achieved renderer process compromise. Delivering a crafted HTML page to a victim who interacts with it triggers the flaw, resulting in high-integrity cross-origin impact with no confidentiality or availability consequence. No public exploit code exists and EPSS sits at 0.02% (6th percentile), but the integrity impact and its role as a renderer-escape pivot make it relevant to multi-stage exploitation chains.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in the Cast component of Google Chrome (prior to 149.0.7827.53) enables a remote unauthenticated attacker to violate cross-origin integrity protections via a crafted HTML page, requiring only that the target user visit the attacker-controlled page. The CVSS vector confirms high integrity impact with no confidentiality or availability consequence, indicating the attack allows unauthorized cross-origin writes or data manipulation rather than information disclosure. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (6th percentile) signals low observed exploitation interest despite the medium-severity Chromium classification.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Extensions subsystem (versions prior to 149.0.7827.53) allows an attacker who socially engineers a user into installing a crafted malicious extension to violate cross-origin boundaries, enabling unauthorized integrity impact against content from other origins. The CVSS vector (I:H, C:N) confirms the impact is write/modify-only - sensitive data exfiltration is not a direct consequence. No public exploit code or active exploitation has been identified at time of analysis; EPSS is negligible at 0.01% (1st percentile), consistent with the social-engineering prerequisite limiting mass exploitation.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Subresource Integrity (SRI) policy enforcement failure in Google Chrome prior to 149.0.7827.53 enables remote attackers to bypass Content Security Policy protections via malicious network traffic. Affected users who visit attacker-influenced pages may have tampered scripts or resources loaded without the expected cryptographic hash validation that SRI is designed to enforce, undermining integrity guarantees that web applications depend on as a security boundary. No active exploitation is confirmed (not in CISA KEV), EPSS is very low at 0.02% (6th percentile), and a vendor patch is available at 149.0.7827.53.

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to violate cross-origin isolation boundaries through a crafted HTML page, producing high integrity impact with no confidentiality or availability loss. Rooted in an inappropriate DOM implementation (CWE-346: Origin Validation Error), the flaw allows a malicious page to cross origin boundaries and manipulate content or state belonging to a different origin. No public exploit code and no CISA KEV listing exist at time of analysis; the EPSS score of 0.02% (4th percentile) reinforces limited real-world exploitation pressure despite the medium CVSS 6.5 rating.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome's Extensions subsystem (all versions prior to 149.0.7827.53) enables circumvention of browser-enforced navigation controls when a user installs a crafted malicious extension. Rooted in CWE-284 (Improper Access Control), the flaw allows the extension to override navigation guards - potentially enabling unauthorized redirects or bypass of URL-based security policies - with a high integrity impact per CVSS (I:H). No public exploit has been identified at time of analysis, EPSS is 0.01% (1st percentile), and the vulnerability is not listed in CISA's KEV catalog, indicating low current exploitation momentum despite a medium CVSS score of 6.5.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Content Security Policy bypass in Google Chrome for Android prior to 149.0.7827.53 allows a remote attacker to circumvent CSP restrictions by delivering a crafted HTML page to a victim user. The flaw resides in Chrome's Navigation subsystem, where policy enforcement is insufficient, enabling injection or execution of content that CSP headers would otherwise block. No public exploit has been identified at time of analysis, and EPSS sits at the 4th percentile, but the zero-privilege-required, network-accessible attack surface warrants prompt patching on Android deployments.

Authentication Bypass Google Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's WebAppInstalls component allows a remote attacker who has already compromised the renderer process to circumvent cross-origin protections via a crafted HTML page, yielding high integrity impact with no confidentiality or availability loss. All Chrome versions prior to 149.0.7827.53 are affected. No public exploit code has been identified and EPSS places this at the 6th percentile (0.02%), indicating very low observed exploitation probability; this is not listed in CISA KEV.

Authentication Bypass Google Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome DevTools (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) within the DevTools component, yielding a High integrity impact while leaving confidentiality and availability unaffected. No public exploit code exists at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation pressure; this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Authentication Bypass Google Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Domain spoofing in the Google Chrome Payments component on Android (versions prior to 149.0.7827.53) enables integrity manipulation of payment flows when an attacker has already compromised the renderer process. By serving a crafted HTML page, the attacker can make the Chrome Payments UI display a spoofed domain, potentially deceiving users into authorizing payments to attacker-controlled origins. EPSS stands at 0.03% (11th percentile), no public exploit code has been identified, and this CVE does not appear in the CISA KEV catalog.

Authentication Bypass Google Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome prior to version 149.0.7827.53 enables a remote, unauthenticated attacker to circumvent browser navigation policies by delivering a crafted HTML page to a victim. The flaw resides in the 'Actor' component of the Chromium engine, where policy enforcement is insufficient, leading to a high-integrity-impact breach (CVSS I:H) without any compromise of confidentiality or availability. No public exploit code and no active exploitation have been identified at time of analysis; EPSS stands at 0.02% (4th percentile), reinforcing a currently low real-world exploitation probability.

Authentication Bypass Google Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome's Link Preview feature allows a remote attacker who has already compromised the renderer process to circumvent intended browsing boundaries via a crafted HTML page. All Chrome versions prior to 149.0.7827.53 on desktop are affected. The real-world threat is as a second-stage exploitation primitive within a browser attack chain - an attacker leverages this CWE-284 flaw to escape navigation controls after gaining an initial foothold in the renderer, achieving high integrity impact with no confidentiality or availability loss. No public exploit code has been identified and EPSS stands at 0.02% (4th percentile), indicating low observed exploitation probability at time of analysis.

Authentication Bypass Google Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same origin policy bypass in Google Chrome's Network component (prior to 149.0.7827.53) enables an attacker who has already compromised the renderer process to exfiltrate or manipulate cross-origin data via a crafted HTML page. The integrity impact is rated High (I:H) with no confidentiality or availability impact, meaning the primary risk is unauthorized cross-origin writes or request forgery rather than data theft. No public exploit code has been identified at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation probability despite the medium CVSS score.

Authentication Bypass Google Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Site isolation bypass in Google Chrome prior to version 149.0.7827.53 enables an attacker to circumvent Chrome's site isolation security boundary through a crafted malicious extension, resulting in high integrity impact (I:H per CVSS). The attack is gated by user interaction - specifically, the victim must be convinced to install the malicious extension - after which the extension exploits insufficient policy enforcement in Chrome's Extensions subsystem to cross site isolation boundaries without authorization. No public exploit has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates negligible current exploitation interest.

Authentication Bypass Google Chrome +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Site isolation bypass in Google Chrome's Password Manager prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape cross-origin protections via a crafted HTML page. The flaw stems from insufficient policy enforcement (CWE-602) and chains with a prior renderer compromise, making it a post-exploitation primitive rather than a standalone entry point. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as Medium.

Authentication Bypass Google Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

UI spoofing in Google Chrome's Payments subsystem (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to manipulate what the victim sees during a payment flow, achieving high-integrity impact by deceiving users into authorizing fraudulent transactions or submitting payment credentials to attacker-controlled surfaces. The attack requires the victim to visit a crafted HTML page and perform specific UI gestures, as confirmed by the CVSS UI:R designation. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% at the 11th percentile indicates minimal current exploitation activity despite the network-reachable attack vector.

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in Google Chrome's Extensions subsystem prior to version 149.0.7827.53 allows a crafted extension to bypass discretionary access controls (DAC), producing high-integrity impact with no confidentiality or availability consequence. Exploitation requires an attacker to socially engineer a user into installing a malicious extension, after which the extension subverts Chrome's permission boundary enforcement. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog; EPSS is extremely low at 0.01% (1st percentile), consistent with no observed mass exploitation.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same Origin Policy bypass in Google Chrome's Workers implementation (versions prior to 149.0.7827.53) allows an unauthenticated remote attacker to violate cross-origin integrity boundaries by luring a victim to a crafted HTML page. The CVSS vector confirms no privileges are required but user interaction is necessary, yielding a High integrity impact with no confidentiality or availability consequence. No public exploit has been identified and EPSS stands at 0.02% (4th percentile), indicating no confirmed active exploitation at time of analysis.

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's DevTools component (all versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to bypass SOP protections via a crafted HTML page, resulting in a high-integrity impact with no confidentiality or availability loss. The attack requires user interaction (victim must visit a malicious page) and a prior renderer process compromise as a chained prerequisite, materially constraining real-world exploitability beyond the raw CVSS score implies. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog; EPSS probability stands at 0.02% (6th percentile), consistent with a low-probability exploitation scenario.

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Site isolation bypass in Google Chrome prior to 149.0.7827.53 enables a remote attacker - who has already compromised the renderer process - to escape cross-origin protections via a crafted HTML page. The vulnerability stems from inappropriate handling of the Input component (CWE-20: Improper Input Validation) within Chromium's renderer, allowing crafted input to undermine the site isolation security boundary and produce high-integrity impact against cross-origin resources. No public exploit has been identified at time of analysis, and EPSS places exploitation probability at 0.02% (6th percentile), consistent with the renderer pre-compromise prerequisite that constrains standalone exploitation.

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Passwords component prior to version 149.0.7827.53 allows remote attackers to access cross-origin resources via a crafted HTML page that a victim must visit. Rated High severity by Chromium with a CVSS of 8.1, the flaw enables exposure or modification of sensitive data across origin boundaries when a user is lured to attacker-controlled content. EPSS probability is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, but a vendor patch is available.

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Same-origin policy bypass in Google Chrome's DevTools component prior to version 149.0.7827.53 allows remote attackers to violate browser security boundaries when victims perform specific UI gestures on attacker-controlled pages. The flaw stems from insufficient validation of untrusted input within DevTools and is rated High severity by Chromium with a CVSS of 8.8, though no public exploit identified at time of analysis and EPSS is very low at 0.02%.

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's Extensions component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to perform unauthorized cross-origin actions via a crafted HTML page. The vulnerability stems from insufficient input validation (CWE-20) in the Extensions subsystem and carries a CVSS integrity impact of High with no confidentiality or availability loss. No active exploitation has been confirmed - EPSS sits at 0.02% (6th percentile), SSVC exploitation status is 'none', and the CVE is not listed in CISA KEV - but a vendor-released patch is available.

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Eos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Eos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Eos
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Eos
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH NO ACTION HOSTED Monitor

Information disclosure in Microsoft Exchange Online allows remote unauthenticated attackers to access sensitive data due to improper authorization enforcement (CWE-285). The flaw carries a CVSS 9.1 score reflecting network-reachable exploitation without privileges or user interaction, though no public exploit identified at time of analysis. Microsoft has issued a fix through its cloud service, and the CVSS vector indicates high confidentiality and integrity impact despite the description focusing on disclosure.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH NO ACTION HOSTED Monitor

Privilege elevation in Microsoft Azure HorizonDB allows remote unauthenticated attackers to bypass authentication via identity spoofing and gain elevated access across trust boundaries. The CVSS 10.0 score reflects network-reachable exploitation with no privileges or user interaction required, and a scope change indicating impact beyond the initially vulnerable component. No public exploit identified at time of analysis, but a Microsoft-issued patch is available via MSRC.

Authentication Bypass Microsoft
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Authorization bypass in DFIR-IRIS prior to v2.4.28 allows any authenticated user to read IOCs across cases they should not access, perform bulk IOC disclosure, and create cases without role checks via an optional GraphQL endpoint at /graphql. No public exploit identified at time of analysis, but the trivial nature of the IDOR (simply supplying an arbitrary caseId to the GraphQL resolver) makes weaponization straightforward for anyone with valid platform credentials. EPSS data not provided; the vulnerability is not listed in CISA KEV.

Authentication Bypass Python
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM This Month

Hard-coded credentials embedded in NAVTOR NavBox's Windows Communication Foundation (SOAP) implementation allow a local low-privileged attacker to extract static credentials and authenticate against privileged WCF methods, enabling arbitrary file write or overwrite within application-defined paths. All NavBox versions through 4.16.1.20 are affected when the SOAP interface is enabled. CISA ICS-CERT has issued advisory ICSA-26-155-01 for this OT/maritime navigation product; no public exploit has been identified at time of analysis, though the ICS context elevates operational safety concern.

Authentication Bypass Microsoft Navbox Firmware
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unauthorized payment triggering in Shopware's `/store-api/handle-payment` endpoint allows any low-privileged Store API caller - including guest checkout contexts - to initiate or retry the payment flow for another customer's order by supplying a known foreign `orderId`. The flaw affects `shopware/platform` and `shopware/core` versions below 6.6.10.18 and versions 6.7.0.0 through 6.7.10.0, and is confirmed fixed in releases 6.6.10.18 and 6.7.10.1 per GitHub advisory GHSA-9v5m-39wh-5chq. No public exploit code or CISA KEV listing has been identified at time of analysis, and the CVSS score of 4.3 (Medium) reflects limited scope: integrity of order and payment workflows is the primary risk, with no direct confidentiality or availability impact.

PHP Authentication Bypass
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Order state transition endpoints in Shopware's Admin API expose a vertical authorization bypass (CWE-862) where authenticated low-privileged users can manipulate order lifecycle states - including cancellation, fulfillment, and payment transitions - without holding the required `order:update` ACL privilege. The structural gap exists across both the 6.6.x and 6.7.x release lines because the affected routes in `OrderActionController.php` carry no ACL metadata, causing `AclAnnotationValidator` to exit without enforcing any privilege check, and the downstream `StateMachineRegistry` then executes writes under `Context::SYSTEM_SCOPE`. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but exploitation is mechanically trivial for any authenticated Admin API user regardless of their assigned role.

PHP Authentication Bypass Privilege Escalation
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Privilege escalation in Shopware's Sync API allows an authenticated API user holding the `integration:create` ACL to self-elevate to full administrator by posting `admin: true` via `POST /api/_action/sync`. The dedicated `IntegrationController` correctly enforces an admin-only guard on this field, but the Sync API routes writes through `SyncService → EntityWriter::upsert()`, which only validates entity-level ACL and `WriteProtection` flags - neither of which are present on the `admin` BoolField in `IntegrationDefinition`. Affected are `shopware/platform` and `shopware/core` prior to 6.6.10.18 and prior to 6.7.10.1; no public exploit or CISA KEV listing is confirmed at time of analysis, though the attack is mechanically trivial for any credential holder with the prerequisite ACL.

PHP Authentication Bypass
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Unauthenticated cross-origin read and write access to local development secrets in the Nhost CLI configserver affects all developers running `nhost dev` with CLI versions prior to 1.46.0. The hidden `configserver` subcommand exposes a Mimir GraphQL API with no-op authorization middleware and wildcard CORS (`Access-Control-Allow-Origin: *`), allowing any web page from an arbitrary origin to exfiltrate Hasura admin secrets, JWT signing keys, webhook secrets, and Grafana credentials, or inject attacker-controlled values into the local `.secrets` file. Publicly available exploit code exists within the security advisory itself; this CVE is not listed in CISA KEV, so no confirmed active exploitation in the wild is established at time of analysis.

Authentication Bypass Grafana
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated remote code execution in Seagull Software BarTender 2010, 2016 (<=R9), and 2019 (<=R10) is reachable over TCP/7375 through the BtSystem.Service.exe .NET Remoting endpoint, which runs as NT AUTHORITY\SYSTEM. The exposed singleton uses BinaryServerFormatterSinkProvider with TypeFilterLevel=Full, allowing attackers to abuse deserialization-style object unmarshalling to read/write arbitrary files, coerce NTLMv2 authentication via UNC paths, or pivot to full code execution. No public exploit identified at time of analysis, but the VulnCheck advisory documents the attack primitives in detail.

Authentication Bypass RCE Bartender 2010 +2
NVD
EPSS 0% CVSS 2.2
LOW PATCH Monitor

Incorrect RBAC policy in OpenStack Neutron before 28.0.1 allows an authenticated project manager to set device_owner on ports of shared networks they do not own to privileged network-service values (e.g., 'network:dhcp'), obtaining trusted network-service port behavior without owning the underlying network. Depending on backend and deployment configuration, this enables DHCP, MAC, or IP spoofing against co-tenants sharing that network, effectively bypassing anti-spoofing and security group protections. This is a confirmed regression of CVE-2015-5240 (OSSA-2015-018); no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

Authentication Bypass Neutron
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Missing authorization on the Admin Dashboard endpoint of LakshayD02's Hostel-Management-System-PHP allows low-privileged authenticated users to manipulate the ID parameter in hostel/index.php to access or modify records beyond their permitted scope. All commits up to f87e67c283bab6f718faf2fec6ae39a13bd7036b are affected; the project uses no formal versioning, so no unaffected release exists. Publicly available exploit code exists, and the project maintainer had not responded to coordinated disclosure at time of reporting.

PHP Authentication Bypass
NVD VulDB GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

{id}) or delete (DELETE /api/projects) any project on the platform, triggering cascading deletion of associated Functions, APIGateways, and FunctionEvents. The write paths construct PermissionOptions without setting MemberIds, causing the platform-layer FilterProjectsByPermissions to short-circuit and skip OPA enforcement entirely. Publicly available exploit code exists (detailed working PoC in the advisory), and the issue is fixed in Nuclio 1.16.0 via PR #4107.

Authentication Bypass Python Docker +1
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Account takeover in Better Auth's deviceAuthorization plugin (versions >= 1.6.0, < 1.6.11) allows an authenticated attacker who learns a pending user_code to bind a victim's polling device to the attacker's session or deny the legitimate sign-in. The flaw stems from a missing ownership claim at the verification step combined with a short-circuited owner check on approve/deny endpoints. No public exploit identified at time of analysis, but the patch PR and detailed advisory provide a clear roadmap for exploitation.

Authentication Bypass
NVD GitHub
EPSS 0%
MEDIUM PATCH This Month

Sender identity spoofing in matrix-sdk-crypto (Rust crate) versions 0.12.0 through 0.16.0 allows a malicious or colluding homeserver operator to forge the apparent sender of Olm-encrypted to-device messages by supplying manipulated `sender_device_keys` without a corresponding user ID validation check. The vulnerability is classified as CWE-290 (Authentication Bypass by Spoofing) and is patched in version 0.16.1. No public exploit code exists and this CVE is not listed in CISA KEV, but the attack's reliance on homeserver-level access defines a concrete and realistic threat model for federated Matrix deployments where server trust is not absolute.

Authentication Bypass
NVD GitHub
EPSS 0%
MEDIUM PATCH This Month

Authentication bypass in doorkeeper-openid_connect's Dynamic Client Registration feature allows any party with a known client_id to obtain OAuth access tokens without supplying a client_secret. The root defect is in DynamicClientRegistrationController#register (dynamic_client_registration_controller.rb:18-25), which hard-codes confidential: false on every dynamically registered application while simultaneously returning a client_secret in the response and advertising client_secret_basic/client_secret_post auth methods. Because Doorkeeper's Application.by_uid_and_secret accepts a nil secret as valid for public (non-confidential) clients, the secret returned at registration is functionally decorative - any caller can authenticate at the token endpoint using only the public client_id. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists, but the advisory includes verbatim reproduction steps that document the bypass in full detail.

Authentication Bypass
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Authorization bypass in Kurt Software Studio WriteUp Mobile App versions 1.3.0 through 04062026 allows authenticated users to access functionality outside their permitted scope, leading to high confidentiality, integrity, and availability impact. The flaw, reported by Turkey's national CERT (TR-CERT), stems from missing ACL enforcement on application functions reachable over the network with low privileges. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Authentication Bypass Writeup Mobile App
NVD VulDB
EPSS 0% CVSS 7.9
HIGH PATCH This Week

Authorization bypass in MISP versions through 2.5.38 lets authenticated users delete records via HTTP DELETE requests even after the application's delete-validation callback has rejected the operation. The root cause is an operator-precedence bug in the CRUDComponent::delete() handler where missing parentheses caused validation checks to be skipped for the DELETE method. No public exploit identified at time of analysis, but the upstream fix commit on GitHub publicly discloses the exact one-line vulnerable expression, making weaponization trivial.

Authentication Bypass Misp
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass WordPress
NVD Exploit-DB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Authorization bypass in MISP's Event Template Importer allows authenticated users with template import privileges to overwrite event templates owned by other organizations on the same shared instance, violating inter-organizational data ownership boundaries. Versions up to and including 2.5.38 are affected; the overwrite workflow confirmed template existence but omitted an organizational ownership check, enabling cross-org template corruption. No public exploit code has been identified at time of analysis and SSVC signals no active exploitation, but the integrity impact is operationally significant in multi-tenant MISP deployments where organizational trust boundaries are critical.

Authentication Bypass Misp
NVD GitHub VulDB
EPSS 0% CVSS 3.3
LOW Monitor

Local information exposure in HCL BigFix Cloud Lifecycle Management stems from insufficient input validation, allowing a locally authenticated low-privileged user to access data they should not be authorized to view. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires local system access and a low-privilege account. No active exploitation has been confirmed and no public exploit code is known at time of analysis. Despite a tag of 'Authentication Bypass,' the PR:L vector indicates some authentication is required - this discrepancy should be clarified with the vendor advisory.

Authentication Bypass Information Disclosure Bigfix Cloud Lifecycle Management
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Credential disclosure in GX Earth ONT (Optical Network Terminal) devices allows remote attackers positioned on the network path to capture administrative authentication material by sniffing the unencrypted HTTP web management interface. The flaw scores CVSS 4.0 8.7 (High) with CWE-319 (Cleartext Transmission of Sensitive Information), and no public exploit identified at time of analysis, though interception techniques are well-understood and trivial to execute on shared media.

Authentication Bypass
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Hardcoded AES-128-CBC cryptographic keys embedded in the AcerConnect OTA application allow unauthenticated remote attackers to forge authorization credentials for arbitrary IMEI numbers against the Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019). Once credentials are forged, attackers can enumerate OTA catalog items and retrieve protected firmware binaries via pre-signed cloud storage links. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the static nature of the hardcoded key means any actor who obtains the application binary can trivially reproduce the attack.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Database flooding via unauthenticated abuse of Acer Connect M6E 5G Portable WiFi Router's registration endpoint allows remote attackers to exhaust storage by repeatedly invoking /v1/account/register without rate limiting, CAPTCHA, or other bot mitigation. The flaw affects firmware up to and including M6E_AI_1.00.000019 and carries a CVSS 4.0 score of 8.8 driven primarily by a high availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM POC PATCH This Month

Server-level configuration changes can be made by any authenticated low-privilege user in Octopus Server through a specific API endpoint that fails to enforce authorization correctly, despite returning an error response to the caller. The flaw affects multiple active release lines - 2026.1.x, 2025.4.x, and 2023.x - and carries a CVSS 4.0 score of 6.0 with high availability impact on the vulnerable system. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Octopus Server
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Mass user data harvesting on the Acer Connect M6E 5G Portable WiFi Router is possible because the unauthenticated /v1/User/validate endpoint returns full user profile sheets keyed by predictable identifier strings. Remote attackers can iterate through identifiers to scrape every account's profile data without credentials, and no public exploit identified at time of analysis though the trivial attack pattern makes weaponization straightforward.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Hard-coded AWS Cognito credentials embedded in leftover debug modules of the Acer Connect M6E 5G Portable WiFi Router expose internal cloud test sandbox environments to remote unauthenticated attackers. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication, no network proximity, and no user interaction is required, meaning any attacker who obtains the static credentials - through firmware extraction or disclosure - can authenticate to Acer's AWS Cognito-backed test infrastructure. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Unauthenticated exposure of internal multimedia session archives in the Acer Connect M6E 5G Portable WiFi Router lets remote attackers retrieve sensitive recorded session data, and overly permissive CORS rules amplify the issue by enabling cross-origin theft from any web context a victim visits. CVSS 4.0 rates this 8.8 (high) with network attack vector, no privileges, and no user interaction; no public exploit identified at time of analysis.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Unauthorized eSIM profile manipulation in the Acer Connect M6E 5G Portable WiFi Router allows adjacent attackers to rewrite or delete cellular eSIM profiles without authentication because management API endpoints fail to validate caller authorization. The flaw maps to CWE-287 (Improper Authentication) and is reported by Acer with CVSS 4.0 score 7.2, with no public exploit identified at time of analysis.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
EPSS 0% CVSS 9.4
CRITICAL Act Now

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a debug routine (SCREEN_CLICK opcode 5053) that skips the device login prompt and drops the caller directly into an interactive shell. CVSS 4.0 rates the issue 9.4 with scope change and high impact on confidentiality, integrity, and availability of both the router and connected subsystems; no public exploit identified at time of analysis.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Insecure Direct Object Reference (IDOR) in the Acer Connect M6E 5G Portable WiFi Router's summary service endpoint allows authenticated remote users to access device data belonging to other users by supplying arbitrary hardware serial numbers the endpoint fails to validate against session ownership. The vulnerability affects all tracked versions per CPE data, requires only a valid authenticated session, and involves no user interaction or special configuration. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded backend API keys through verbose error pages, enabling remote unauthenticated attackers to harvest credentials and gain full administrative control over the device. CVSS 4.0 scores this 9.3 (Critical) with no privileges or user interaction required, though no public exploit has been identified at time of analysis.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Authentication bypass on the local MQTT broker of the Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allows any connected client to subscribe with wildcard topics (# or +) and either enumerate hidden network devices or publish rogue control commands. CVSS 4.0 rates this 8.6 (High) with network attack vector and high confidentiality/integrity/availability impact; no public exploit identified at time of analysis and the issue is not in CISA KEV.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Insecure Direct Object Reference in ITPison's OMICARD EDM (an email marketing platform) enables unauthenticated remote attackers to manipulate a specific request parameter to retrieve arbitrary users' email addresses without authorization. The CVSS vector AV:N/AC:L/PR:N/UI:N confirms fully remote, zero-authentication exploitation requiring no user interaction, though impact is bounded to low-level confidentiality loss with no integrity or availability consequence. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.

Authentication Bypass Omicard Edm
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated information disclosure in the SP Project & Document Manager WordPress plugin (versions up to and including 4.71) allows remote attackers to enumerate file metadata and obtain download links for arbitrary files stored within project folders. The flaw stems from a broken authorization gate in the view_file AJAX handler where a negated nonce check is OR-chained with permission checks, causing the entire condition to evaluate true when no valid nonce is supplied. No public exploit identified at time of analysis, and the CVSS 7.5 score reflects confidentiality-only impact with no integrity or availability consequences.

PHP Authentication Bypass WordPress
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

Runtime integrity bypass on GNCC GP5 firmware v7.1.76 enables a physically-proximate unauthenticated attacker to circumvent file system read-only protections via a bind-mount attack, allowing arbitrary modification of system files and binaries for the current boot session. The device, an IoT platform, lacks enforcement of filesystem immutability at runtime, meaning a read-only mount can be shadowed by a writable bind-mount without detection. No public exploit has been confirmed beyond the published IoT vulnerability research linked in references, and exploitation probability is very low at 0.02% EPSS (4th percentile), consistent with the physical-access requirement.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Authentication bypass in Neterbit NW-431F routers running firmware 20241014-IR03 and earlier allows remote unauthenticated attackers to gain administrative access by simply setting a session cookie value to a predictable string such as 'admin'. The CVSS 9.8 rating reflects trivial network exploitability with full confidentiality, integrity, and availability impact, and a public proof-of-concept exists in the referenced GitHub repository, though the issue is not currently listed in CISA KEV.

Authentication Bypass Session Fixation
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated Telnet service activation in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allows remote attackers to enable Telnet by sending a crafted request to a vulnerable CGI component in the web management interface. SSVC scores the technical impact as total with automatable exploitation and a public proof-of-concept available, although EPSS remains low at 0.02% and the CVE is not currently listed in CISA KEV.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Hardcoded root credentials in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allow remote unauthenticated attackers to gain full root-level control via the built-in 'superadmin' account. The CVSS 9.8 rating reflects network-reachable, no-interaction exploitation with total impact to confidentiality, integrity, and availability, and SSVC marks the issue as automatable with total technical impact. No public exploit identified at time of analysis, and EPSS remains very low (0.02%) despite the severity, suggesting limited current scanning activity.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

U-Boot bootloader authentication bypass on GNCC GP5 v7.1.76 grants a physically-proximate attacker full root access to the device by interrupting the boot sequence and injecting crafted kernel boot arguments. The vulnerability stems from insufficient input validation in the bootloader's handling of kernel command-line parameters, allowing an attacker to override security controls set during the normal boot process. Publicly available exploit code exists via a GitHub IoT vulnerability research repository; no CISA KEV listing has been identified at time of analysis, consistent with the physical-access prerequisite limiting widespread automated exploitation.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Plaintext exposure of pre-signed Backblaze B2 upload URLs in GNCC GP5 camera firmware v7.1.76 allows physically-proximate attackers with serial UART access to harvest live cloud storage tokens. The leaked PUT URLs enable unauthorized write operations against the device's Backblaze B2 cloud storage bucket until the tokens expire. No public exploit identified at time of analysis, though a public research write-up describing the issue is referenced.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Authentication bypass in ealpha072's Student-Management-System PHP application exposes the administrative backend to remote unauthenticated attackers via a flaw in admin/config.php. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero prerequisites - no privileges, no user interaction, no special attack conditions - and a proof-of-concept exploit is publicly available via a GitHub issue report. The vendor has not responded to responsible disclosure and no patched release has been issued, leaving all deployments at or before commit 01451bd7a2f58cdda07bd0b86e3967582e3ecd08 without an official remediation path.

PHP Authentication Bypass
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Hard-coded credentials embedded in NetApp Active IQ OneCollect 2.7.3 allow any low-privileged authenticated user to perform unauthorized AutoSupport operations beyond their intended authorization scope. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) confirms network-accessible exploitation with low complexity, requiring only a low-privilege account with no special attack conditions. No public exploit has been identified and the vulnerability does not appear in the CISA KEV catalog at time of analysis.

Authentication Bypass Active Iq Onecollect
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Hard-coded credentials in NetApp Active IQ Config Advisor 6.7.3 enable authenticated low-privileged attackers to perform unauthorized AutoSupport operations against connected NetApp infrastructure. The embedded credentials bypass intended access controls, allowing any account holder to trigger or manipulate AutoSupport telemetry functions beyond their assigned privilege level. No public exploit code exists and this vulnerability has not been added to the CISA KEV catalog at time of analysis.

Authentication Bypass Active Iq Config Advisor
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Securly Chrome Extension 3.0.7 allows remote attackers to render all web browsing unusable when the extension's filtering service is unreachable. The extension dynamically registers an undeclared content script (content13.min.js) at runtime via chrome.scripting.registerContentScripts(), hiding every page behind a full-page overlay until the service worker validates the page; if Securly's servers fail or are blocked, pages remain indefinitely blank. No public exploit identified at time of analysis, and EPSS rates exploitation probability at 0.02% (5th percentile).

Authentication Bypass Google Chrome
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Hardcoded cryptographic secrets in Securly Chrome Extension version 3.0.7 allow remote attackers to decrypt sensitive crisis alert keyword lists and intervention site data shipped with the extension. The plaintext AES passphrases embedded in securly.min.js can be extracted by anyone who installs or inspects the extension, exposing the proprietary detection logic used to safeguard students. No public exploit has been identified at time of analysis, and EPSS rates exploitation probability at 0.02% (4th percentile), but the trivial extractability of the keys means any motivated actor can replicate the disclosure.

Google Authentication Bypass Chrome
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in OpenStack Mistral through version 22.0.0 allows authenticated attackers with low privileges to execute arbitrary code via exposed API endpoints, leading to exfiltration of service credentials and full compromise of the workflow service. The CVSS 9.9 score reflects scope change (S:C) meaning impact extends beyond Mistral itself into other OpenStack components whose credentials it holds. There is no public exploit identified at time of analysis, but the vulnerability is tagged as Authentication Bypass and RCE, and disclosure occurred via oss-security with vendor coordination.

RCE Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Firewall bypass in the Linux kernel's netfilter nft_inner module (versions 6.2 and later) allows remote attackers to forge transport headers in tunneled IPv6 packets due to a desynchronization between the computed inner transport header offset and the parsed L4 protocol. The flaw enables crafted IPv6 packets carrying extension headers to evade nftables inner-payload matching rules, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating negligible observed exploitation activity.

Authentication Bypass Linux Memory Corruption
NVD VulDB
Prev Page 28 of 348 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy