Authentication Bypass
Monthly
Open WebUI versions 0.8.10 and earlier allow authenticated users to bypass model access control by appending ?bypass_filter=true to POST requests to /openai/chat/completions or /ollama/api/chat endpoints. The vulnerability exposes an internal-only FastAPI function parameter to external HTTP clients via query string binding, permitting any authenticated user to invoke admin-restricted models regardless of their assigned access grants. Vendor-released patch: v0.8.11 (March 2026). No public exploit code identified beyond the PoC in the advisory, but exploitation is trivial for any authenticated user.
Low-privileged authenticated users in Open WebUI <=0.8.5 can invoke admin-restricted external tools (MCP servers, GitHub integrations, etc.) via the chat completion API by supplying arbitrary tool_ids or tool_servers parameters. Exploited tools execute with server-stored credentials, enabling unauthorized data access or actions through third-party integrations. Publicly available exploit code exists (PoC in GitHub advisory GHSA-4pcg-253r-rf9w). EPSS data not provided; CVSS 7.1 indicates network-accessible authenticated exploitation with high confidentiality impact. Vendor-released patches: v0.7.0 (partial, local tools) and v0.8.6 (complete fix for MCP servers). Users on >=0.8.6 are not affected.
Broken access control in Open WebUI's `/api/chat/completions` endpoint allows any authenticated user to read and continue other users' private conversations by supplying a known Chat ID. The API fails to verify chat ownership before granting access, exposing sensitive conversation data across multi-user deployments with shared AI models. Fixed in v0.9.0 via commit cf4218e68, which enforces ownership validation through `Chats.is_chat_owner()` checks. Exploitation requires low-privilege authentication (PR:L) and network access (AV:N), but no user interaction (UI:N) or special configuration-any default multi-user instance with shared pipelines is vulnerable. CVSS 7.1 (High) reflects network-accessible confidentiality breach (C:H) with limited integrity impact (I:L). No public exploit identified at time of analysis, but proof-of-concept published in GitHub advisory GHSA-gfm2-xm6c-37qc demonstrates trivial exploitation via legitimate API key usage.
Open WebUI fails to authorize model update requests, allowing authenticated users to modify private models belonging to other users and alter their access controls. Tested on version 0.5.4, this broken access control vulnerability affects all versions up to 0.5.6 and is exploitable via a direct POST request to the /api/v1/models/model/update endpoint without requiring special privileges beyond basic authentication.
Open WebUI before version 0.9.0 allows authenticated users to bypass API key endpoint restrictions by submitting requests via the `x-api-key` header instead of the `Authorization` header, enabling full access to protected endpoints including message processing and potentially admin functionality. The vulnerability affects deployments where admins have configured API key restrictions to limit which endpoints specific keys can access. A proof-of-concept demonstrates that the same API key correctly rejected via `Authorization` header (403 Forbidden) is fully processed via `x-api-key` header (200 OK with LLM response), completely undermining the intended access control model. No active public exploitation is reported, but the vulnerability is straightforward to exploit and has been verified against Open WebUI v0.8.11.
Open WebUI versions up to 0.9.2 allow users with read-only access to shared notes to toggle the pin status via the POST /api/v1/notes/{id}/pin endpoint, which incorrectly checks for read permission instead of write permission. This privilege escalation enables read-only users to perform a write operation (toggling is_pinned state) that should be restricted to users with explicit write access. The vulnerability is limited to the pin operation and does not permit modification of note content, title, or access grants. Publicly available proof-of-concept demonstrates the bypass across all shared notes with read access.
Authenticated admin users in pyLoad-ng can bypass the CVE-2026-33509 fix by setting the storage_folder to the Flask session directory (/tmp/pyLoad/flask), then downloading and reusing session files of other users via the /files/get/ endpoint to achieve account takeover. The original patch failed to block access to the session cache directory, leaving it accessible through the directory traversal protection bypass. Publicly available proof-of-concept code confirms the bypass is functional.
Horizontal privilege escalation in Open WebUI versions through 0.3.15 allows any authenticated user to enumerate, read, and delete all files uploaded by all other users via missing authorization checks in the files API endpoints. The vulnerability requires only low-privilege authenticated access to the web interface and has publicly available exploit code with a detailed proof-of-concept demonstrating how attackers can list all uploaded files regardless of owner, retrieve file contents, and delete arbitrary user files. Organizations running multi-user Open WebUI deployments face immediate risk of data breach and integrity loss, as file upload features in conversational AI platforms commonly handle sensitive documents and internal communications.
Discretionary access control bypass in Chrome Remote Desktop (Chromoting) allows adjacent network attackers to achieve limited confidentiality, integrity, and availability impact through a malicious file requiring user interaction. Google released Chrome 148.0.7778.168 to address this medium-severity flaw. EPSS score of 0.01% (1st percentile) and CISA SSVC assessment indicate low real-world exploitation probability with no observed exploitation activity. The adjacent network attack vector (AV:A) significantly constrains attacker positioning compared to typical remote vulnerabilities.
Site Isolation bypass in Google Chrome prior to 148.0.7778.168 allows remote attackers who have already compromised the renderer process to access cross-site data via crafted HTML pages. The vulnerability affects Chrome's AI policy enforcement, enabling a second-stage attack after initial renderer compromise. Attack complexity is high, requiring both initial renderer compromise and user interaction. EPSS score of 0.02% indicates very low exploitation probability, and no active exploitation or public POC has been identified. Vendor patch is available in Chrome 148.0.7778.168.
Insufficient policy enforcement in Google Chrome's Android payment implementation allows remote attackers to bypass access control restrictions through specially crafted HTML pages, affecting Chrome versions prior to 148.0.7778.168 on Android. The vulnerability requires user interaction (visiting a malicious page) but can be exploited remotely without authentication. EPSS exploitation probability is low (0.02%, 4th percentile), and a vendor-released patch is available. While tagged as an authentication bypass, the CVSS impact indicates only low integrity compromise with no confidentiality or availability impact.
Navigation restrictions can be bypassed in Google Chrome for Windows versions prior to 148.0.7778.168 when attackers craft malicious HTML pages that exploit insufficient sandbox policy enforcement in iframe elements. User interaction (opening/visiting the crafted page) is required for exploitation. Google released a patched version addressing this medium-severity flaw. With EPSS exploitation probability at 0.02% (4th percentile) and no KEV listing, this represents a moderate-priority issue primarily affecting organizations running outdated Chrome versions on Windows systems.
Cross-origin data leakage in Google Chrome on Windows via ANGLE graphics library allows renderer-compromised attackers to steal sensitive data from other origins through specially crafted web pages. Affects Chrome versions prior to 148.0.7778.168 on Windows platforms. EPSS probability of 0.03% (10th percentile) indicates low observed exploitation likelihood, with CISA SSVC confirming no active exploitation and non-automatable attack chain. Vendor patch released in Chrome 148.0.7778.168 stable channel update. Attack requires successful renderer process compromise as prerequisite, combined with user interaction, creating a chained exploitation scenario rather than standalone vulnerability.
Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.168 occurs when an attacker who has already compromised the renderer process exploits an object corruption flaw in the Compositing component. The vulnerability requires user interaction with a malicious HTML page and high attack complexity to leak sensitive cross-origin data. Google has released a patch in Chrome 148.0.7778.168, and with EPSS at 0.03% (10th percentile) and no evidence of active exploitation (SSVC: none), this represents a medium-priority targeted threat rather than widespread exploitation risk.
Site Isolation bypass in Google Chrome on macOS allows attackers who have already compromised the renderer process to leak limited cross-origin data via malicious HTML in ReadingMode. Affects Chrome versions prior to 148.0.7778.168 on Mac only. EPSS score of 0.02% (6th percentile) indicates very low predicted exploitation probability. No active exploitation detected (not in CISA KEV), no public POC identified. CVSS 3.1 assigns Low severity despite High vendor severity rating due to requiring both renderer compromise and user interaction, with impact limited to confidentiality only.
Site Isolation bypass in Google Chrome versions prior to 148.0.7778.168 enables attackers who have already compromised the renderer process to break out of security sandboxes via specially crafted HTML pages. This represents an escalation path within Chrome's multi-process architecture, allowing cross-origin data access after initial renderer compromise. Vendor patch available as of May 2026 stable channel update. EPSS score of 0.02% (6th percentile) indicates minimal observed exploitation activity, and no CISA KEV listing or public POC exists at time of analysis, suggesting lower immediate priority despite the architectural significance of Site Isolation failures.
Privilege escalation in Crabbox versions prior to v0.12.0 allows authenticated users with visibility-only permissions to escalate privileges and obtain code execution, remote desktop access, and data exfiltration capabilities. By directly invoking three unprotected ticket-generation endpoints (/v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, /v1/leases/:id/egress/ticket), attackers can obtain bridge-agent credentials and impersonate trusted lease-side bridges, bypassing intended read-only access restrictions. The vulnerability was patched in v0.12.0 (commit 95cb30dc) following VulnCheck disclosure. CVSS 8.6 (High) reflects network-accessible exploitation requiring only low-privilege authentication with low attack complexity. No active exploitation (CISA KEV) or public exploit code identified at time of analysis, though the attack is straightforward for authenticated insiders.
Privilege escalation and cross-site scripting in Live Helper Chat 4.84v allows authenticated REST API users to manipulate chats outside their authorized departments and inject malicious JavaScript into operator sessions. Attackers with low-privilege lhchat/use access can modify arbitrary chat object fields including chat hash, status, and operation_admin properties, enabling unauthorized data access through visitor/widget paths and code execution in operator contexts. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis.
Authentication bypass in Crabbox versions prior to v0.12.0 allows authenticated attackers with shared-token access to impersonate arbitrary owners or organizations. By injecting crafted X-Crabbox-Owner and X-Crabbox-Org headers in API requests, attackers can bypass authorization checks and gain full access to victim lease operations across organizational boundaries. VulnCheck reported this vulnerability, and a vendor-released patch is available in version v0.12.0. CVSS 8.7 (High) reflects network-accessible exploitation with low privileges required, high impact to confidentiality, integrity, and availability within the vulnerable component scope.
Unauthenticated remote attackers can register rogue workers in Gradient CI 1.1.0 when GRADIENT_DISCOVERABLE is enabled (default configuration), gaining access to all organizational jobs and the ability to inject malicious build artifacts into shared storage. The attacker sends a fresh worker UUID to /proto endpoint, obtaining PeerAuth::Open privileges that bypass organization isolation. Vendor-released patch: version 1.1.1. CVSS 9.4 Critical with network vector and no authentication required. No active exploitation confirmed (not in CISA KEV), but EPSS data unavailable for this 2026 CVE ID.
Remote attackers can bypass access controls in Yordam Library Automation System versions 19.5 through 22.0, achieving high confidentiality, integrity, and availability impact through incorrectly configured security levels. The vulnerability requires user interaction (CVSS UI:R) but no authentication (PR:N), enabling unauthorized access to library management functions. Reported by Turkey's national CERT (USOM), indicating regional awareness though not yet confirmed for active exploitation or CISA KEV listing.
Portainer's custom template file endpoint (GET /api/custom_templates/{id}/file) exposes template file contents to any authenticated user due to a completely absent authorization check in the customTemplateFile handler - a check that every other custom template endpoint correctly implements. Authenticated users at any privilege level can enumerate sequential integer template IDs to read Docker Compose files belonging to templates they have no explicit access to, potentially harvesting embedded secrets such as database connection strings, API tokens, and registry credentials. No public exploit or CISA KEV listing has been identified at time of analysis; however, exploitation requires only a valid session and sequential ID guessing, making it trivially scriptable against any unpatched multi-tenant Portainer instance.
Authorization bypass in Portainer's Docker Swarm proxy allows authenticated non-admin users with endpoint access to circumvent EndpointSecuritySettings restrictions configured by administrators. Affected versions include 2.33.0-2.33.7, 2.39.0-2.39.1, and 2.40.x, with fixes in 2.33.8, 2.39.2, and 2.41.0 respectively. No public exploit identified at time of analysis, but the GHSA-5fxq-qcf3-244w advisory provides detailed payload examples that effectively serve as a proof-of-concept blueprint enabling escape to root-equivalent access on Swarm manager hosts.
Authorization bypass in Portainer 2.33.0 through 2.33.7 allows authenticated users to access Kubernetes cluster resources beyond their assigned permissions due to missing return statement in middleware error handling. Any user with a valid Portainer session can exploit this to read or modify Kubernetes secrets, pods, deployments, and other resources on endpoints they should not access. The flaw affects both Community Edition and Enterprise Edition. Fixed in version 2.33.8 and inherently absent from 2.39.0+. No public exploit code identified at time of analysis, though the single-line code fix and detailed GitHub advisory make reproduction straightforward for authenticated attackers.
Authenticated regular users with container-creation rights in Portainer can mount arbitrary host filesystem paths into their containers by bypassing the 'Disable bind mounts for non-administrators' security control via HostConfig.Mounts instead of HostConfig.Binds, enabling root-level access to sensitive host files, Docker socket takeover, and container escape on shared Docker environments. The vulnerability is confirmed actively exploited based on seven independent security researcher reports, with vendor-released patches available across all supported branches (2.33.8, 2.39.2, 2.41.0). CVSS 8.5 reflects network exploitation with low complexity and changed scope impact, though real-world risk depends heavily on whether multi-tenant environments rely on this control as their primary container isolation mechanism.
Missing authorization in Portainer's Docker API proxy allows non-admin users with endpoint access to install and enable arbitrary Docker plugins, achieving root code execution on the Docker host. Standard users can bypass RBAC controls to call privileged plugin operations (`/plugins/pull`, `/plugins/{name}/enable`) directly against the Docker daemon, installing malicious plugins that run as root with CAP_SYS_ADMIN and arbitrary host mounts. Vendor-confirmed exploitation requires only low-privilege authenticated access (CVSS:4.0 9.4, AV:N/AC:L/PR:L). Patches released across three supported branches (2.33.8-LTS, 2.39.2-LTS, 2.41.0). No public exploit code identified at time of analysis, but attack technique is straightforward given detailed vendor disclosure.
Broken access control in FlowiseAI Flowise versions 3.1.1 and earlier allows any authenticated user to perform unauthorized CRUD operations on OpenAI Assistants Vector Stores via the /api/v1/openai-assistants-vector-store endpoints. The route handlers lack the checkAnyPermission() middleware applied to other privileged endpoints, so role-based access controls are bypassed entirely once an attacker has any valid API key or session. No public exploit is identified at time of analysis, but the fix is bundled in the FlowiseAI security release 3.1.2 alongside several other authorization fixes.
Cross-user authorization bypass in n8n's OAuth1/OAuth2 credential reconnect endpoints allows authenticated users with read-only access to shared credentials to overwrite stored OAuth tokens with attacker-controlled ones. Affects n8n versions prior to 1.123.43, 2.20.7, and 2.21.1 where credentials are shared between users or projects. No public exploit identified at time of analysis, and EPSS score is low (0.04%), but the flaw enables persistent hijacking of shared integrations and downstream workflow execution under the attacker's identity.
Remote code execution in n8n workflow automation platform is possible via a prototype pollution patch bypass in the XML node, affecting versions prior to 1.123.43, 2.20.7, and 2.22.1. Authenticated users with workflow creation or modification permissions can bypass the prior fix for GHSA-hqr4-h3xv-9m3r and, by chaining the XML node with other nodes, achieve code execution on the n8n host. No public exploit identified at time of analysis, though EPSS is low (0.05%) suggesting limited near-term mass exploitation despite the high CVSS 4.0 score of 9.4.
Insecure Direct Object Reference in wger fitness platform exposes any authenticated user's complete workout history, session notes, and training statistics through template routine API endpoints. Attackers with free accounts enumerate public template routine IDs and retrieve owners' private health data including workout notes, weights, repetitions, and performance metrics via /api/v2/routine/{id}/logs/ and /api/v2/routine/{id}/stats/ endpoints. Detailed proof-of-concept with Python exploit confirms trivial exploitation against wger <= 2.5.0a2. CVSS 7.5 rates this High severity, but NOTE: vector PR:N appears inconsistent with authenticated-only access described - attackers need valid credentials, suggesting actual vector should be PR:L. EPSS data not available. No CVE KEV listing or public exploit repositories identified beyond GitHub advisory disclosure. Patch status unconfirmed - GitHub advisory references fix commit but no released version number provided in available data.
Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage) to obtain administrative privileges and manipulate network configurations across the entire SD-WAN fabric. This critical authentication bypass (CVSS 10.0) allows direct NETCONF access as a high-privileged internal user without any credentials. Cisco released fixes in May 2026 following discovery of this second authentication flaw after a February 2026 disclosure of a related vulnerability. No active exploitation confirmed in CISA KEV at time of analysis, though the maximum CVSS score and authentication bypass nature make this a priority patching target for SD-WAN deployments.
HCL AION lacks adequate brute-force protections on authentication mechanisms, allowing repeated login attempts that could lead to account compromise or unauthorized access. The vulnerability requires adjacent network access and affects all versions of the product. No public exploit code has been identified, but the weak authentication controls represent a significant credential-stuffing and password-guessing risk in multi-tenant or shared-network environments.
HCL AION transmits backend service details over unencrypted HTTP channels under certain conditions, allowing authenticated local or adjacent-network attackers with limited privileges to intercept and read sensitive configuration data through man-in-the-middle attacks. The vulnerability requires user interaction and non-default network positioning, resulting in a CVSS score of 4.3 (low severity) with confirmed vendor awareness and advisory availability.
HCL AION fails to enforce encryption for certain data transmissions or operations, potentially exposing sensitive information to interception or unauthorized access. The vulnerability requires adjacent network access, high attack complexity, and user interaction, limiting real-world exploitation scope. No active exploitation has been confirmed at time of analysis.
Improper privilege management in AMD's KVM key download component allows authenticated local attackers to swap tokens and exfiltrate sensitive cryptographic keys due to insufficient access controls, potentially enabling unauthorized access to privileged resources and compromising system confidentiality. The vulnerability requires authenticated access (PR:L) but carries high confidentiality impact (VC:H), making it a significant risk in multi-tenant or shared-access environments.
Unauthenticated attackers with knowledge of the KVM key download endpoint URL can retrieve sensitive cryptographic keys without authentication, compromising confidentiality of encrypted communications and system secrets. This affects AMD KVM implementations and requires no special user interaction, though attackers must possess prior knowledge of the specific endpoint URL. No public exploit code or active exploitation has been identified at time of analysis.
{chatflowId} endpoint to overwrite server-controlled fields including workspaceId, deployed, isPublic, createdDate, and updatedDate. The vendor advisory GHSA-5wxp-qjgq-fx6m confirms tenant isolation can be broken in multi-tenant deployments, and publicly available exploit code exists in the form of a detailed PoC published with the advisory. No public exploit identified at time of analysis as actively used in the wild, and this CVE is not listed in CISA KEV.
{toolId}) allows authenticated users to overwrite server-controlled fields including workspaceId, createdDate, and updatedDate, breaking tenant isolation in multi-workspace deployments. The flaw stems from the request body being merged directly into the database entity without DTO validation or authorization checks, and a working proof-of-concept is published in the GHSA-x5v6-pj28-cwwm advisory. No public exploit identified at time of analysis in CISA KEV; vendor-released patch is Flowise 3.1.2.
Mass assignment in FlowiseAI Flowise allows authenticated low-privilege users to modify server-controlled properties on the PUT /api/v1/variables/{variableId} endpoint, including workspaceId, createdDate, and updatedDate. By reassigning a variable's workspaceId to an arbitrary value, an attacker can break tenant isolation in multi-workspace deployments and move variables across tenant boundaries. Publicly available exploit code exists in the GHSA-6fw7-3q8r-m5vj advisory, but no public exploit identified at time of analysis as widespread weaponization, and the issue is not listed in CISA KEV.
Fleet instances fail to validate the origin of client IP headers (True-Client-IP, X-Real-IP, X-Forwarded-For) before using them for API rate limiting, allowing unauthenticated attackers to bypass per-IP brute-force protections on sensitive endpoints such as login by rotating header values across requests. This vulnerability primarily affects Fleet deployments directly exposed to the internet without a reverse proxy that overwrites forwarded headers; instances behind properly configured proxies or WAFs have reduced exposure.
Fleet server crashes from a single malformed gRPC request to the PublishLogs endpoint, allowing complete denial of service. An attacker with any enrolled Launcher node key can terminate the Fleet server process instantly via a crafted gRPC call. CVSS 8.7 (High) reflects the ease and impact, though exploitation requires prior enrollment of a Launcher host. Vendor-released patch version 4.81.0 available. No public exploit identified at time of analysis, but attack requires minimal sophistication given authenticated access.
JWT authentication bypass in Fleet's Windows MDM enrollment allows attackers with access to any Azure AD tenant to enroll unauthorized devices and access management APIs. Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but fails to verify 'aud' (audience) or 'iss' (issuer) claims, accepting any Microsoft-signed token with the expected scopes. This enables unauthorized device enrollment and potential exposure of enrollment secrets embedded in MDM payloads. Vendor-released patch available in Fleet v4.82.0 (March 2026). No evidence of active exploitation (not in CISA KEV) at time of analysis, though the vulnerability was responsibly disclosed by security researcher @zaddy6.
Fleet trusts untrusted client-supplied IP address headers (X-Forwarded-For, X-Real-IP, True-Client-IP) when determining source IP for incoming requests, allowing both authenticated and unauthenticated attackers to spoof their apparent IP address and bypass per-IP rate limiting controls. This enables brute-force and password-spraying attacks against authentication endpoints to scale without triggering rate-limit protections, though the vulnerability does not itself enable authentication bypass, privilege escalation, data exposure, or remote code execution.
Missing authorization in PostgreSQL CREATE TYPE allows authenticated users to hijack search_path resolution and force other database users to execute arbitrary SQL functions chosen by the attacker. An authenticated attacker can create a malicious user-defined type in a schema that appears earlier in a victim's search_path than legitimate extension or system types, causing the victim's queries to execute attacker-controlled functions instead of intended ones. This affects PostgreSQL versions 14.x before 14.23, 15.x before 15.18, 16.x before 16.14, 17.x before 17.10, and 18.x before 18.4. While CVSS 5.4 is moderate, the attack requires authenticated database access and carries real risk in multi-tenant or shared PostgreSQL environments where privilege escalation or lateral movement is the goal.
Authentication bypass in Yordam Library Automation System versions 21.6 through 22.0 enables remote attackers to impersonate legitimate users and gain unauthorized administrative access by manipulating user identifiers in requests. Attackers who successfully exploit this vulnerability can achieve full system compromise including reading sensitive library records, modifying catalog data, and disrupting availability. The vulnerability requires user interaction (likely social engineering or malicious link), but no authentication, making it accessible to external threat actors. TR-CERT has published an advisory confirming the issue affects Turkish government and educational institutions using this library management platform.
Unauthenticated attackers can export complete database tables from WordPress Multisite installations running Database Backup for WordPress plugin ≤2.5.2, exposing credentials, user data, and site content. The vulnerability stems from improper enforcement of authorization check return values, bypassing security controls. Exploitation is limited to legacy WordPress Multisite environments using the deprecated is_site_admin() function. CVSS 7.5 (High) with network attack vector and no authentication required. No CISA KEV listing indicates limited widespread exploitation, though the unauthenticated remote access vector presents significant risk for affected configurations.
Arbitrary file read and deletion in Database Backup for WordPress (versions ≤2.5.2) allows unauthenticated attackers on WordPress Multisite installations to access sensitive files and potentially achieve site takeover. The vulnerability stems from improper authorization enforcement combined with user-controlled backup directory parameters, exploitable only in Multisite environments using the deprecated is_site_admin() function. CVSS 8.1 with high attack complexity (AC:H) reflects the Multisite-only prerequisite. No CISA KEV listing indicates limited observed exploitation despite the critical authorization bypass nature.
Authorization bypass in Database Backup for WordPress plugin (≤2.5.2) enables unauthenticated attackers to redirect scheduled backup files to publicly accessible directories and retrieve them before cleanup. By poisoning the wp_db_temp_dir parameter via wp-cron.php, attackers can intercept database backups containing credentials, password hashes, and PII. Backup filenames follow predictable patterns (database name, table prefix, date, Swatch Internet Time), making interception reliable. Exploitation requires administrator-configured scheduled backups but no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N). EPSS and KEV data not provided; Wordfence-reported vulnerability with publicly accessible source code references enabling attack reproduction.
Authorization bypass in Yaay Social Media App versions 3.8.0 through 24102025 allows remote unauthenticated attackers to access restricted functionality and data by manipulating user-controlled key parameters. The vulnerability enables unauthorized access to features normally protected by access control lists (ACLs), potentially exposing user data, administrative functions, or content modification capabilities. TR-CERT has disclosed this issue with a CVSS base score of 8.8, requiring user interaction for exploitation. No evidence of active exploitation (not in CISA KEV) or public exploit code has been identified at time of analysis.
Insecure Direct Object Reference (IDOR) in Stel Order v3.25.1 and earlier allows authenticated attackers with low privileges to access confidential employee information across the organization by manipulating the 'employeeID' parameter in requests to the '/app/FrontController' endpoint. Attackers can enumerate and retrieve personal data including names, roles, job titles, and vacation records for any employee regardless of authorization level. EPSS data not available; no confirmed active exploitation (not in CISA KEV). CVSS 7.1 reflects high confidentiality impact but requires authentication, limiting immediate exposure to insider threats or compromised accounts.
Authorization bypass in DijiDemi v4.5.12.1 through v4.5.13.0 allows authenticated high-privilege users to escalate permissions through user-controlled cryptographic key manipulation. An attacker with high privileges can abuse the authorization mechanism by controlling session or authentication keys, bypassing intended access restrictions and potentially modifying data or executing unauthorized operations, though exploitation requires user interaction and high-privilege account access.
Hard-coded database credentials in Comarch ERP Optima client allow remote attackers on adjacent networks to access the backend database with elevated privileges and execute system commands on the server. The immutable credentials enable authentication bypass without requiring any user interaction or existing privileges. Fixed in version 2026.4, reported by CERT-PL. No public exploit or KEV listing identified at time of analysis, though the straightforward nature of credential-based attacks (CVSS:4.0 AV:A/AC:L/PR:N) suggests high exploitability for attackers with local network access.
Authorization bypass in Akilli Commerce E-Commerce Website before 4.5.001 allows remote unauthenticated attackers to hijack user sessions through user-controlled key manipulation. The vulnerability enables complete system compromise with high impact to confidentiality, integrity, and availability. Turkish national CERT (TR-CERT) published an advisory, indicating regional significance. No public exploit code or CISA KEV listing identified at time of analysis, but the CVSS 9.8 Critical rating and network-accessible, unauthenticated attack vector suggest this is highly exploitable if the platform is internet-facing.
Unauthenticated attackers can permanently delete arbitrary WordPress content (posts, pages, WooCommerce products/orders) and manipulate post statuses in InfusedWoo Pro plugin versions up to 5.1.2 due to missing authorization checks. The CVSS 9.1 (Critical) score reflects network-accessible attack with no complexity barriers, though the Availability impact rating (A:N) appears inconsistent with the ability to mass-delete content. EPSS data unavailable; no CISA KEV listing or public exploit confirmed at time of analysis, but the WordPress ecosystem's large attack surface and clear Wordfence advisory make this a priority patching target for WooCommerce sites.
MW WP Form plugin for WordPress allows unauthenticated attackers to extract data from password-protected, private, and draft posts via the _get_post_property_from_querystring() function due to insufficient access control checks on post retrieval. The vulnerability affects all versions up to 5.1.2 and requires only network access with no user interaction, enabling confidential content disclosure to unauthorized users.
The User Registration & Membership WordPress plugin through version 5.1.5 allows unauthenticated attackers to bypass admin approval requirements and register accounts directly by sending a crafted request with action=createuser parameter, exploiting missing authorization checks in the account creation process. The vulnerability affects all installations of the plugin with default or custom configurations where the admin approval feature is enabled. CVSS 5.3 reflects limited confidentiality impact but integrity compromise through unauthorized account creation.
Insecure Direct Object Reference in the WordPress Fluent Forms plugin (versions through 6.2.0) allows authenticated users with Fluent Forms manager-level privileges to bypass form-level access controls via the exportEntries function. Attackers can exfiltrate submissions from forms they should not access, export data from arbitrary database tables, and enumerate table names through error message disclosure. No public exploit identified at time of analysis, and EPSS probability is very low (0.03%) despite the high CVSS score.
Privilege escalation in the InfusedWoo Pro WordPress plugin (versions through 5.1.2) allows authenticated subscriber-level users to elevate themselves to Administrator by abusing the unprotected infusedwoo_gdpr_upddata() function to overwrite their wp_capabilities user meta. No public exploit identified at time of analysis, EPSS is very low (0.04%), and the issue is not listed in CISA KEV, but the technical impact is total once the simple authentication prerequisite is met.
Authentication bypass and privilege escalation in the InfusedWoo Pro WordPress plugin (versions through 5.1.2) lets unauthenticated remote attackers seize administrator accounts by abusing the iwar_save_recipe() AJAX handler. Because the endpoint lacks nonce verification and capability checks, attackers can plant a malicious automation recipe that chains an HTTP post trigger with an auto-login action, so visiting a crafted URL returns valid authentication cookies for any chosen user. Reported by Wordfence with a CVSS of 9.8; no public exploit identified at time of analysis, and EPSS sits at 0.19% (40th percentile) despite the SSVC assessment of total technical impact and automatable exploitation.
Authentication bypass in the Burst Statistics WordPress plugin versions 3.4.0 through 3.4.1.1 allows unauthenticated remote attackers to impersonate any administrator whose username they know by supplying an arbitrary Basic Authentication password. The flaw resides in flawed return-value handling within the `is_mainwp_authenticated()` function used to validate application passwords from the Authorization header, enabling privilege escalation per request. No public exploit identified at time of analysis, and EPSS is low (0.26%), but the CVSS 9.8 score and SSVC 'total' technical impact mark it as a high-severity authentication bypass worth prioritizing.
Private group member enumeration in GitLab CE/EE affects all versions from 15.1 through unfixed releases 18.9.6, 18.10.5, and 18.11.2, permitting any authenticated user holding project membership to discover the member list of an otherwise private group due to a missing authorization check (CWE-862). The flaw collapses GitLab's tiered permission boundary between project-level and group-level access, leaking organizational membership data to users who have no entitlement to view it. No public exploit has been identified at time of analysis, and an EPSS score of 0.01% (2nd percentile) reflects near-zero observed exploitation probability.
Merge request approval bypass in GitLab Enterprise Edition allows authenticated users to circumvent policy-enforced approval gates due to improper cleanup of orphaned approval policy records. Affected are all GitLab EE deployments running versions from 15.7 up to (but not including) 18.9.7, 18.10.6, and 18.11.3. No public exploit exists and no active exploitation has been confirmed; however, the integrity impact carries meaningful governance risk in regulated environments where merge approval policies serve as a compliance or change-management control.
Improper access control in GitLab Enterprise Edition allows authenticated users holding only developer-role permissions to remove code owner approval rules from merge requests, effectively bypassing a critical gatekeeping control in the software development lifecycle. Affected are all GitLab EE versions from 11.10 up to (but not including) 18.9.7, 18.10.6, and 18.11.3. No public exploit or active exploitation has been identified at time of analysis; EPSS is 0.01% and CISA SSVC rates exploitation as none, indicating this is a low-urgency but organizationally meaningful integrity issue for teams relying on code owner rules for compliance or security enforcement.
Authorization bypass in the Fluent Forms WordPress plugin (versions ≤6.1.21) allows authenticated Fluent Forms Managers to read, modify, annotate, and delete submissions belonging to forms outside their assigned scope by tampering with a user-controlled form_id query parameter. The flaw stems from the SubmissionPolicy class trusting client-supplied input for authorization decisions, granting cross-form access despite role restrictions. No public exploit identified at time of analysis, and EPSS exploitation probability remains low at 0.03%.
Missing authorization controls in the WP Encryption WordPress plugin (all versions through 7.8.5.10) allow any authenticated subscriber-level user to invoke the `wple_basic_get_requests` function and tamper with SSL lifecycle configuration - resetting SSL setup state, falsely marking SSL as complete, and altering plan selection options. The affected plugin automates Let's Encrypt certificate provisioning for WordPress sites, meaning successful exploitation can silently break or misrepresent a site's HTTPS posture. No public exploit code exists and no active exploitation is confirmed (not in CISA KEV); EPSS at 0.02% and SSVC exploitation rating of 'none' place this firmly in the low-urgency tier despite the low privilege bar.
Package protection rule bypass in GitLab CE/EE allows authenticated users holding developer-role permissions to circumvent registry protections that should restrict their write or publish actions. Affecting all GitLab Community and Enterprise Edition instances running versions 18.3 through 18.9.6, 18.10 through 18.10.5, and 18.11 through 18.11.2, an attacker with a legitimately provisioned developer account can undermine the integrity controls placed on protected packages. No public exploit code exists and no active exploitation has been identified at time of analysis; the EPSS score of 0.01% (1st percentile) and SSVC exploitation rating of 'none' confirm this is a low-urgency finding.
Unauthorized debug symbol exposure in GitLab CE/EE allows access to private debugging artifacts from projects the requester should not be able to reach, due to improper authorization controls (CWE-639: Authorization Bypass Through User-Controlled Key). Affected instances span all GitLab CE and EE deployments running versions from 16.7 up through the patched releases 18.9.7, 18.10.6, and 18.11.3 - a broad version window of roughly two years of releases. No public exploit has been identified at time of analysis, EPSS is 0.02% (5th percentile), and CISA SSVC rates exploitation status as none, collectively indicating low near-term exploitation probability despite the wide version exposure.
Authenticated developers in GitLab CE/EE versions before 18.9.7, 18.10.6, and 18.11.3 can bypass PyPI package protection rules and upload restricted packages due to improper authorization checks. Despite CVSS 4.3 rating, the 0.01% EPSS score and CISA SSVC assessment (exploitation: none, automatable: no, technical impact: partial) indicate minimal real-world exploitation risk, with no confirmed active exploitation or public exploits identified at time of analysis.
GitLab Enterprise Edition's instance-level approval rule editing prevention control can be bypassed by authenticated Maintainer-level users due to missing server-side authorization checks (CWE-862). Affected are all GitLab EE versions from 16.10 through before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. An attacker holding Maintainer permissions can modify or delete project approval rules even when an administrator has explicitly enabled the instance-level restriction designed to prevent such changes, undermining the integrity of merge request approval workflows. No public exploit identified at time of analysis, and EPSS is at the 1st percentile, indicating negligible opportunistic exploitation risk.
Authenticated developers in GitLab CE/EE can bypass container registry tag protection policies and delete protected tags due to improper server-side authorization checks (CWE-639), affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. The vulnerability was privately disclosed via HackerOne (report 3480620) and remediated in the May 2026 patch release cycle. No public exploit identified at time of analysis, and an EPSS of 0.01% (1st percentile) combined with SSVC exploitation status of 'none' indicate minimal current real-world exploitation risk.
Unauthorized issue disclosure in GitLab CE/EE exposes confidential project data to authenticated Guest-level users who lack explicit project membership. By exploiting an object-level authorization flaw (CWE-639), a Guest user can retrieve issues belonging to projects they have no sanctioned access to, bypassing GitLab's project-level visibility controls. No public exploit exists and EPSS sits at 0.01%, but the broad version range - spanning GitLab 15.1 all the way through 18.11.2 - means a large install base requires patching, and the confidentiality risk is real for organizations using issues to track sensitive engineering or security work.
Payment bypass in LearnPress WordPress LMS Plugin (all versions ≤ 4.3.5) allows authenticated subscribers to enroll in any paid course at zero cost by manipulating a REST API parameter. The flaw stems from improper input handling in the add_to_cart() REST API endpoint where PHP's array_merge() permits attacker-supplied values to silently overwrite hardcoded order defaults - specifically the quantity field - causing the order total to resolve to $0 and bypassing all configured payment gateway enforcement. No public exploit code has been identified at time of analysis, and CISA KEV does not list this vulnerability; SSVC and EPSS both signal low current exploitation pressure, though the low-friction exploit path warrants prompt remediation on revenue-generating LMS deployments.
Authorization bypass in the My Calendar - Accessible Event Manager WordPress plugin (all versions through 3.7.9) allows authenticated attackers with custom-level access or higher to circumvent the moderation and approval workflow by directly manipulating the POST body. The plugin's server-side PHP code in my-calendar-event-editor.php accepted the client-supplied event_approved parameter and used it to override the server-calculated event status, despite UI-level restrictions ostensibly limiting low-privilege users to draft-only submissions. Exploitation enables unauthorized event publishing, cancellation, or marking events private - integrity impacts limited to the event management workflow. No public exploit identified at time of analysis; EPSS (0.02%, 4th percentile) and SSVC (exploitation: none) both indicate negligible current exploitation interest.
Unauthenticated remote information disclosure in CFEngine Enterprise (versions before 3.21.8, 3.24.3, and 3.27.0) allows network attackers to access sensitive data via incorrect access control implementation. The CVSS vector indicates network-accessible exploitation without authentication (AV:N/PR:N) with low attack complexity, enabling automated scanning and exploitation. EPSS probability is low (0.02%, 5th percentile), suggesting limited attacker interest to date, though the authentication bypass tag indicates the vulnerability could expose sensitive configuration or operational data. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Information disclosure in Hoppscotch (versions 2025.7.0 through pre-2026.4.0) allows unauthenticated remote attackers to retrieve all infrastructure secrets in plaintext by issuing a GET request to /v1/onboarding/config when the ONBOARDING_RECOVERY_TOKEN database value is an empty string. The flaw is an incomplete fix for CVE-2026-28215, which patched the POST counterpart but left the read endpoint exposed; publicly available exploit code exists per SSVC, although no public exploit identified at time of analysis in references, and EPSS is low at 0.04%.
Privilege escalation in cPanel and WP Squared allows an authenticated team member account to elevate privileges to the team owner, granting full control over the hosting account. The flaw stems from improper authorization checks within the team-member privilege model and carries a CVSS 7.1 (high integrity impact). EPSS is very low (0.03%) and no public exploit has been identified at time of analysis, but a vendor patch is available.
Cross-workspace IDOR in SQLBot (DataEase) versions prior to 1.8.0 allows authenticated low-privilege users to read and modify database schemas and data sources belonging to other tenants via the /api/v1/datasource/exportDsSchema and /api/v1/datasource/uploadDsSchema endpoints. The flaw breaks multi-tenant isolation in a Text-to-SQL platform that brokers access to backend databases, meaning a tenant can pivot to another tenant's data sources. No public exploit identified at time of analysis, and EPSS probability is very low (0.04%), but SSVC rates technical impact as total.
Insufficient authorization enforcement on specific ERPNext endpoints allows authenticated low-privilege users to read sensitive data beyond their permitted role and make limited unauthorized data modifications. Affecting all ERPNext deployments prior to 15.102.0 (v15 branch) and prior to 16.11.0 (v16 branch), an attacker holding any valid user account can invoke unprotected server-side endpoints to access restricted records or alter data outside their role scope. No public exploit code exists and SSVC confirms no active exploitation, but the high confidentiality impact (CVSS C:H) warrants prompt patching - particularly on internet-exposed ERPNext instances where low-privilege accounts may be broadly distributed.
Privilege escalation in ERPNext versions prior to 16.9.1 allows authenticated low-privileged users to modify data outside their assigned role due to missing authorization checks on certain endpoints. The flaw carries a CVSS 9.9 score with scope change, but EPSS is only 0.04% and CISA SSVC reports no observed exploitation, indicating no public exploit identified at time of analysis. The vendor (Frappe) has released a patched version 16.9.1 alongside GHSA-cg5w-7g26-p3w9.
Privilege escalation in MISP threat intelligence platform versions prior to 2.5.37 allows organization administrators to reset authentication keys of site administrator accounts within the same organization, yielding cross-tier access takeover. The flaw stems from missing authorization checks in the auth key reset workflow, enabling an org-admin to harvest a freshly generated site-admin API key. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.06%, but a vendor-released patch (2.5.37) is available.
SQL injection in MISP threat intelligence platform versions prior to 2.5.37 allows remote unauthenticated attackers to manipulate ORDER BY clauses in event and shadow attribute listing endpoints by supplying crafted ordering parameters. The CVSS 4.0 score of 9.3 reflects high impact across confidentiality, integrity, and availability, though EPSS exploitation probability sits at just 0.04% and no public exploit identified at time of analysis. Given MISP's role as a repository of sensitive threat-intelligence data shared between organizations, successful exploitation could expose IOCs, attribution data, and partner-shared intelligence.
Insufficient session expiration in Strapi versions prior to 5.33.3 allows an authenticated attacker who has previously obtained a valid refresh token to maintain persistent unauthorized access even after the account owner resets their password. Both the admin panel (@strapi/admin) and the API-facing users-permissions plugin (@strapi/plugin-users-permissions) are affected, covering all Strapi deployments up to and including 5.33.2. Because the refresh-token invalidation logic was gated on a caller-supplied deviceId parameter, a password reset without that parameter left all prior refresh sessions alive - meaning credential rotation failed to evict an attacker for up to 30 days by default. No public exploit has been identified at time of analysis, and SSVC confirms exploitation status as none.
Improper access control in Grafana OSS allows authenticated Editor-role users to delete any annotation instance-wide, regardless of whether they hold read or create permissions on that annotation. The flaw affects a broad version range from 8.5.0 through 13.0.1, exposing organizations to unauthorized data destruction by low-privileged internal users. No active exploitation has been identified at time of analysis (SSVC: none; EPSS: 0.03%, 8th percentile), and no public exploit code exists; real-world risk is constrained by the authentication prerequisite and partial integrity-only impact.
Missing authorization in Grafana OSS's snapshot deletion endpoint allows any authenticated Editor-role user to delete arbitrary snapshots across the platform, regardless of whether they hold read or write access to those snapshots. Affected versions span a wide release range from 9.4.0 through 13.0.1 across multiple major branches (CPE: cpe:2.3:a:grafana:grafana_oss). With EPSS at 0.03% (8th percentile), SSVC exploitation rated none, and no public exploit identified at time of analysis, the practical threat is primarily insider abuse or compromised Editor credentials being used to destroy monitoring data outside an attacker's legitimate scope.
Privilege revocation race condition in Grafana OSS allows a user whose service-account token-minting permission was just revoked to continue minting tokens for several seconds after the revocation event. The flaw, tagged as an authentication bypass affecting multiple supported branches of Grafana OSS (11.x, 12.x, 13.x), can yield high confidentiality and integrity impact by granting persistent API access via newly minted service-account tokens. No public exploit identified at time of analysis, EPSS is very low (0.03%), and SSVC marks exploitation as none - but the vendor has issued patches across all affected branches.
Privilege escalation in Grafana OSS allows an authenticated Editor with write access to a dashboard they do not own to overwrite that dashboard and acquire admin permissions on it. The flaw, tracked as CVE-2026-33377 and disclosed by Grafana with patches across multiple maintained branches, has CVSS 7.1 reflecting high integrity impact via low-privileged network access. There is no public exploit identified at time of analysis, and EPSS sits at 0.03% (8th percentile), but the high integrity impact warrants prompt patching for multi-tenant Grafana deployments.
Incorrect Authorization in Palo Alto Networks Trust Protection Foundation allows adjacent-network unauthenticated attackers to bypass access controls and perform unauthorized actions against restricted resources. Affected version branches include 24.1.x, 24.3.x, 25.1.x, and 25.3.x, with fixed builds available from Palo Alto Networks. No public exploit identified at time of analysis, EPSS sits at the 1st percentile (0.01%), and SSVC rates exploitation as none - but the high availability impact component (VA:H in CVSS 4.0) on vulnerable systems makes patching a priority for organizations with exposed deployments.
Local privilege escalation in Palo Alto Networks Prisma Access Agent (all versions prior to 26.2.1) allows any locally authenticated non-administrative user to elevate to root on macOS and Linux, or NT AUTHORITY\SYSTEM on Windows, by exploiting a flawed privilege management mechanism. Successful exploitation grants full control of the affected endpoint, enabling arbitrary code execution and unauthorized access to data restricted to privileged accounts. No public exploit exists and the vulnerability is absent from CISA KEV; however, SSVC rates technical impact as total, making patching a meaningful priority for multi-user and enterprise endpoint environments.
Authorization bypass in Palo Alto Networks Prisma Access Agent's Endpoint DLP component permits a locally authenticated attacker with low privileges to circumvent authentication controls and invoke privileged operations. Affected are all Prisma Access Agent versions prior to 26.2.1, with full confidentiality, integrity, and availability impact on the vulnerable component confirmed by the CVSS:4.0 vector (VC:H/VI:H/VA:H). No active exploitation has been identified - SSVC marks exploitation as 'none', EPSS sits at the 1st percentile, and the CVSS exploit maturity is rated 'Unreported' (E:U).
Open WebUI versions 0.8.10 and earlier allow authenticated users to bypass model access control by appending ?bypass_filter=true to POST requests to /openai/chat/completions or /ollama/api/chat endpoints. The vulnerability exposes an internal-only FastAPI function parameter to external HTTP clients via query string binding, permitting any authenticated user to invoke admin-restricted models regardless of their assigned access grants. Vendor-released patch: v0.8.11 (March 2026). No public exploit code identified beyond the PoC in the advisory, but exploitation is trivial for any authenticated user.
Low-privileged authenticated users in Open WebUI <=0.8.5 can invoke admin-restricted external tools (MCP servers, GitHub integrations, etc.) via the chat completion API by supplying arbitrary tool_ids or tool_servers parameters. Exploited tools execute with server-stored credentials, enabling unauthorized data access or actions through third-party integrations. Publicly available exploit code exists (PoC in GitHub advisory GHSA-4pcg-253r-rf9w). EPSS data not provided; CVSS 7.1 indicates network-accessible authenticated exploitation with high confidentiality impact. Vendor-released patches: v0.7.0 (partial, local tools) and v0.8.6 (complete fix for MCP servers). Users on >=0.8.6 are not affected.
Broken access control in Open WebUI's `/api/chat/completions` endpoint allows any authenticated user to read and continue other users' private conversations by supplying a known Chat ID. The API fails to verify chat ownership before granting access, exposing sensitive conversation data across multi-user deployments with shared AI models. Fixed in v0.9.0 via commit cf4218e68, which enforces ownership validation through `Chats.is_chat_owner()` checks. Exploitation requires low-privilege authentication (PR:L) and network access (AV:N), but no user interaction (UI:N) or special configuration-any default multi-user instance with shared pipelines is vulnerable. CVSS 7.1 (High) reflects network-accessible confidentiality breach (C:H) with limited integrity impact (I:L). No public exploit identified at time of analysis, but proof-of-concept published in GitHub advisory GHSA-gfm2-xm6c-37qc demonstrates trivial exploitation via legitimate API key usage.
Open WebUI fails to authorize model update requests, allowing authenticated users to modify private models belonging to other users and alter their access controls. Tested on version 0.5.4, this broken access control vulnerability affects all versions up to 0.5.6 and is exploitable via a direct POST request to the /api/v1/models/model/update endpoint without requiring special privileges beyond basic authentication.
Open WebUI before version 0.9.0 allows authenticated users to bypass API key endpoint restrictions by submitting requests via the `x-api-key` header instead of the `Authorization` header, enabling full access to protected endpoints including message processing and potentially admin functionality. The vulnerability affects deployments where admins have configured API key restrictions to limit which endpoints specific keys can access. A proof-of-concept demonstrates that the same API key correctly rejected via `Authorization` header (403 Forbidden) is fully processed via `x-api-key` header (200 OK with LLM response), completely undermining the intended access control model. No active public exploitation is reported, but the vulnerability is straightforward to exploit and has been verified against Open WebUI v0.8.11.
Open WebUI versions up to 0.9.2 allow users with read-only access to shared notes to toggle the pin status via the POST /api/v1/notes/{id}/pin endpoint, which incorrectly checks for read permission instead of write permission. This privilege escalation enables read-only users to perform a write operation (toggling is_pinned state) that should be restricted to users with explicit write access. The vulnerability is limited to the pin operation and does not permit modification of note content, title, or access grants. Publicly available proof-of-concept demonstrates the bypass across all shared notes with read access.
Authenticated admin users in pyLoad-ng can bypass the CVE-2026-33509 fix by setting the storage_folder to the Flask session directory (/tmp/pyLoad/flask), then downloading and reusing session files of other users via the /files/get/ endpoint to achieve account takeover. The original patch failed to block access to the session cache directory, leaving it accessible through the directory traversal protection bypass. Publicly available proof-of-concept code confirms the bypass is functional.
Horizontal privilege escalation in Open WebUI versions through 0.3.15 allows any authenticated user to enumerate, read, and delete all files uploaded by all other users via missing authorization checks in the files API endpoints. The vulnerability requires only low-privilege authenticated access to the web interface and has publicly available exploit code with a detailed proof-of-concept demonstrating how attackers can list all uploaded files regardless of owner, retrieve file contents, and delete arbitrary user files. Organizations running multi-user Open WebUI deployments face immediate risk of data breach and integrity loss, as file upload features in conversational AI platforms commonly handle sensitive documents and internal communications.
Discretionary access control bypass in Chrome Remote Desktop (Chromoting) allows adjacent network attackers to achieve limited confidentiality, integrity, and availability impact through a malicious file requiring user interaction. Google released Chrome 148.0.7778.168 to address this medium-severity flaw. EPSS score of 0.01% (1st percentile) and CISA SSVC assessment indicate low real-world exploitation probability with no observed exploitation activity. The adjacent network attack vector (AV:A) significantly constrains attacker positioning compared to typical remote vulnerabilities.
Site Isolation bypass in Google Chrome prior to 148.0.7778.168 allows remote attackers who have already compromised the renderer process to access cross-site data via crafted HTML pages. The vulnerability affects Chrome's AI policy enforcement, enabling a second-stage attack after initial renderer compromise. Attack complexity is high, requiring both initial renderer compromise and user interaction. EPSS score of 0.02% indicates very low exploitation probability, and no active exploitation or public POC has been identified. Vendor patch is available in Chrome 148.0.7778.168.
Insufficient policy enforcement in Google Chrome's Android payment implementation allows remote attackers to bypass access control restrictions through specially crafted HTML pages, affecting Chrome versions prior to 148.0.7778.168 on Android. The vulnerability requires user interaction (visiting a malicious page) but can be exploited remotely without authentication. EPSS exploitation probability is low (0.02%, 4th percentile), and a vendor-released patch is available. While tagged as an authentication bypass, the CVSS impact indicates only low integrity compromise with no confidentiality or availability impact.
Navigation restrictions can be bypassed in Google Chrome for Windows versions prior to 148.0.7778.168 when attackers craft malicious HTML pages that exploit insufficient sandbox policy enforcement in iframe elements. User interaction (opening/visiting the crafted page) is required for exploitation. Google released a patched version addressing this medium-severity flaw. With EPSS exploitation probability at 0.02% (4th percentile) and no KEV listing, this represents a moderate-priority issue primarily affecting organizations running outdated Chrome versions on Windows systems.
Cross-origin data leakage in Google Chrome on Windows via ANGLE graphics library allows renderer-compromised attackers to steal sensitive data from other origins through specially crafted web pages. Affects Chrome versions prior to 148.0.7778.168 on Windows platforms. EPSS probability of 0.03% (10th percentile) indicates low observed exploitation likelihood, with CISA SSVC confirming no active exploitation and non-automatable attack chain. Vendor patch released in Chrome 148.0.7778.168 stable channel update. Attack requires successful renderer process compromise as prerequisite, combined with user interaction, creating a chained exploitation scenario rather than standalone vulnerability.
Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.168 occurs when an attacker who has already compromised the renderer process exploits an object corruption flaw in the Compositing component. The vulnerability requires user interaction with a malicious HTML page and high attack complexity to leak sensitive cross-origin data. Google has released a patch in Chrome 148.0.7778.168, and with EPSS at 0.03% (10th percentile) and no evidence of active exploitation (SSVC: none), this represents a medium-priority targeted threat rather than widespread exploitation risk.
Site Isolation bypass in Google Chrome on macOS allows attackers who have already compromised the renderer process to leak limited cross-origin data via malicious HTML in ReadingMode. Affects Chrome versions prior to 148.0.7778.168 on Mac only. EPSS score of 0.02% (6th percentile) indicates very low predicted exploitation probability. No active exploitation detected (not in CISA KEV), no public POC identified. CVSS 3.1 assigns Low severity despite High vendor severity rating due to requiring both renderer compromise and user interaction, with impact limited to confidentiality only.
Site Isolation bypass in Google Chrome versions prior to 148.0.7778.168 enables attackers who have already compromised the renderer process to break out of security sandboxes via specially crafted HTML pages. This represents an escalation path within Chrome's multi-process architecture, allowing cross-origin data access after initial renderer compromise. Vendor patch available as of May 2026 stable channel update. EPSS score of 0.02% (6th percentile) indicates minimal observed exploitation activity, and no CISA KEV listing or public POC exists at time of analysis, suggesting lower immediate priority despite the architectural significance of Site Isolation failures.
Privilege escalation in Crabbox versions prior to v0.12.0 allows authenticated users with visibility-only permissions to escalate privileges and obtain code execution, remote desktop access, and data exfiltration capabilities. By directly invoking three unprotected ticket-generation endpoints (/v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, /v1/leases/:id/egress/ticket), attackers can obtain bridge-agent credentials and impersonate trusted lease-side bridges, bypassing intended read-only access restrictions. The vulnerability was patched in v0.12.0 (commit 95cb30dc) following VulnCheck disclosure. CVSS 8.6 (High) reflects network-accessible exploitation requiring only low-privilege authentication with low attack complexity. No active exploitation (CISA KEV) or public exploit code identified at time of analysis, though the attack is straightforward for authenticated insiders.
Privilege escalation and cross-site scripting in Live Helper Chat 4.84v allows authenticated REST API users to manipulate chats outside their authorized departments and inject malicious JavaScript into operator sessions. Attackers with low-privilege lhchat/use access can modify arbitrary chat object fields including chat hash, status, and operation_admin properties, enabling unauthorized data access through visitor/widget paths and code execution in operator contexts. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis.
Authentication bypass in Crabbox versions prior to v0.12.0 allows authenticated attackers with shared-token access to impersonate arbitrary owners or organizations. By injecting crafted X-Crabbox-Owner and X-Crabbox-Org headers in API requests, attackers can bypass authorization checks and gain full access to victim lease operations across organizational boundaries. VulnCheck reported this vulnerability, and a vendor-released patch is available in version v0.12.0. CVSS 8.7 (High) reflects network-accessible exploitation with low privileges required, high impact to confidentiality, integrity, and availability within the vulnerable component scope.
Unauthenticated remote attackers can register rogue workers in Gradient CI 1.1.0 when GRADIENT_DISCOVERABLE is enabled (default configuration), gaining access to all organizational jobs and the ability to inject malicious build artifacts into shared storage. The attacker sends a fresh worker UUID to /proto endpoint, obtaining PeerAuth::Open privileges that bypass organization isolation. Vendor-released patch: version 1.1.1. CVSS 9.4 Critical with network vector and no authentication required. No active exploitation confirmed (not in CISA KEV), but EPSS data unavailable for this 2026 CVE ID.
Remote attackers can bypass access controls in Yordam Library Automation System versions 19.5 through 22.0, achieving high confidentiality, integrity, and availability impact through incorrectly configured security levels. The vulnerability requires user interaction (CVSS UI:R) but no authentication (PR:N), enabling unauthorized access to library management functions. Reported by Turkey's national CERT (USOM), indicating regional awareness though not yet confirmed for active exploitation or CISA KEV listing.
Portainer's custom template file endpoint (GET /api/custom_templates/{id}/file) exposes template file contents to any authenticated user due to a completely absent authorization check in the customTemplateFile handler - a check that every other custom template endpoint correctly implements. Authenticated users at any privilege level can enumerate sequential integer template IDs to read Docker Compose files belonging to templates they have no explicit access to, potentially harvesting embedded secrets such as database connection strings, API tokens, and registry credentials. No public exploit or CISA KEV listing has been identified at time of analysis; however, exploitation requires only a valid session and sequential ID guessing, making it trivially scriptable against any unpatched multi-tenant Portainer instance.
Authorization bypass in Portainer's Docker Swarm proxy allows authenticated non-admin users with endpoint access to circumvent EndpointSecuritySettings restrictions configured by administrators. Affected versions include 2.33.0-2.33.7, 2.39.0-2.39.1, and 2.40.x, with fixes in 2.33.8, 2.39.2, and 2.41.0 respectively. No public exploit identified at time of analysis, but the GHSA-5fxq-qcf3-244w advisory provides detailed payload examples that effectively serve as a proof-of-concept blueprint enabling escape to root-equivalent access on Swarm manager hosts.
Authorization bypass in Portainer 2.33.0 through 2.33.7 allows authenticated users to access Kubernetes cluster resources beyond their assigned permissions due to missing return statement in middleware error handling. Any user with a valid Portainer session can exploit this to read or modify Kubernetes secrets, pods, deployments, and other resources on endpoints they should not access. The flaw affects both Community Edition and Enterprise Edition. Fixed in version 2.33.8 and inherently absent from 2.39.0+. No public exploit code identified at time of analysis, though the single-line code fix and detailed GitHub advisory make reproduction straightforward for authenticated attackers.
Authenticated regular users with container-creation rights in Portainer can mount arbitrary host filesystem paths into their containers by bypassing the 'Disable bind mounts for non-administrators' security control via HostConfig.Mounts instead of HostConfig.Binds, enabling root-level access to sensitive host files, Docker socket takeover, and container escape on shared Docker environments. The vulnerability is confirmed actively exploited based on seven independent security researcher reports, with vendor-released patches available across all supported branches (2.33.8, 2.39.2, 2.41.0). CVSS 8.5 reflects network exploitation with low complexity and changed scope impact, though real-world risk depends heavily on whether multi-tenant environments rely on this control as their primary container isolation mechanism.
Missing authorization in Portainer's Docker API proxy allows non-admin users with endpoint access to install and enable arbitrary Docker plugins, achieving root code execution on the Docker host. Standard users can bypass RBAC controls to call privileged plugin operations (`/plugins/pull`, `/plugins/{name}/enable`) directly against the Docker daemon, installing malicious plugins that run as root with CAP_SYS_ADMIN and arbitrary host mounts. Vendor-confirmed exploitation requires only low-privilege authenticated access (CVSS:4.0 9.4, AV:N/AC:L/PR:L). Patches released across three supported branches (2.33.8-LTS, 2.39.2-LTS, 2.41.0). No public exploit code identified at time of analysis, but attack technique is straightforward given detailed vendor disclosure.
Broken access control in FlowiseAI Flowise versions 3.1.1 and earlier allows any authenticated user to perform unauthorized CRUD operations on OpenAI Assistants Vector Stores via the /api/v1/openai-assistants-vector-store endpoints. The route handlers lack the checkAnyPermission() middleware applied to other privileged endpoints, so role-based access controls are bypassed entirely once an attacker has any valid API key or session. No public exploit is identified at time of analysis, but the fix is bundled in the FlowiseAI security release 3.1.2 alongside several other authorization fixes.
Cross-user authorization bypass in n8n's OAuth1/OAuth2 credential reconnect endpoints allows authenticated users with read-only access to shared credentials to overwrite stored OAuth tokens with attacker-controlled ones. Affects n8n versions prior to 1.123.43, 2.20.7, and 2.21.1 where credentials are shared between users or projects. No public exploit identified at time of analysis, and EPSS score is low (0.04%), but the flaw enables persistent hijacking of shared integrations and downstream workflow execution under the attacker's identity.
Remote code execution in n8n workflow automation platform is possible via a prototype pollution patch bypass in the XML node, affecting versions prior to 1.123.43, 2.20.7, and 2.22.1. Authenticated users with workflow creation or modification permissions can bypass the prior fix for GHSA-hqr4-h3xv-9m3r and, by chaining the XML node with other nodes, achieve code execution on the n8n host. No public exploit identified at time of analysis, though EPSS is low (0.05%) suggesting limited near-term mass exploitation despite the high CVSS 4.0 score of 9.4.
Insecure Direct Object Reference in wger fitness platform exposes any authenticated user's complete workout history, session notes, and training statistics through template routine API endpoints. Attackers with free accounts enumerate public template routine IDs and retrieve owners' private health data including workout notes, weights, repetitions, and performance metrics via /api/v2/routine/{id}/logs/ and /api/v2/routine/{id}/stats/ endpoints. Detailed proof-of-concept with Python exploit confirms trivial exploitation against wger <= 2.5.0a2. CVSS 7.5 rates this High severity, but NOTE: vector PR:N appears inconsistent with authenticated-only access described - attackers need valid credentials, suggesting actual vector should be PR:L. EPSS data not available. No CVE KEV listing or public exploit repositories identified beyond GitHub advisory disclosure. Patch status unconfirmed - GitHub advisory references fix commit but no released version number provided in available data.
Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage) to obtain administrative privileges and manipulate network configurations across the entire SD-WAN fabric. This critical authentication bypass (CVSS 10.0) allows direct NETCONF access as a high-privileged internal user without any credentials. Cisco released fixes in May 2026 following discovery of this second authentication flaw after a February 2026 disclosure of a related vulnerability. No active exploitation confirmed in CISA KEV at time of analysis, though the maximum CVSS score and authentication bypass nature make this a priority patching target for SD-WAN deployments.
HCL AION lacks adequate brute-force protections on authentication mechanisms, allowing repeated login attempts that could lead to account compromise or unauthorized access. The vulnerability requires adjacent network access and affects all versions of the product. No public exploit code has been identified, but the weak authentication controls represent a significant credential-stuffing and password-guessing risk in multi-tenant or shared-network environments.
HCL AION transmits backend service details over unencrypted HTTP channels under certain conditions, allowing authenticated local or adjacent-network attackers with limited privileges to intercept and read sensitive configuration data through man-in-the-middle attacks. The vulnerability requires user interaction and non-default network positioning, resulting in a CVSS score of 4.3 (low severity) with confirmed vendor awareness and advisory availability.
HCL AION fails to enforce encryption for certain data transmissions or operations, potentially exposing sensitive information to interception or unauthorized access. The vulnerability requires adjacent network access, high attack complexity, and user interaction, limiting real-world exploitation scope. No active exploitation has been confirmed at time of analysis.
Improper privilege management in AMD's KVM key download component allows authenticated local attackers to swap tokens and exfiltrate sensitive cryptographic keys due to insufficient access controls, potentially enabling unauthorized access to privileged resources and compromising system confidentiality. The vulnerability requires authenticated access (PR:L) but carries high confidentiality impact (VC:H), making it a significant risk in multi-tenant or shared-access environments.
Unauthenticated attackers with knowledge of the KVM key download endpoint URL can retrieve sensitive cryptographic keys without authentication, compromising confidentiality of encrypted communications and system secrets. This affects AMD KVM implementations and requires no special user interaction, though attackers must possess prior knowledge of the specific endpoint URL. No public exploit code or active exploitation has been identified at time of analysis.
{chatflowId} endpoint to overwrite server-controlled fields including workspaceId, deployed, isPublic, createdDate, and updatedDate. The vendor advisory GHSA-5wxp-qjgq-fx6m confirms tenant isolation can be broken in multi-tenant deployments, and publicly available exploit code exists in the form of a detailed PoC published with the advisory. No public exploit identified at time of analysis as actively used in the wild, and this CVE is not listed in CISA KEV.
{toolId}) allows authenticated users to overwrite server-controlled fields including workspaceId, createdDate, and updatedDate, breaking tenant isolation in multi-workspace deployments. The flaw stems from the request body being merged directly into the database entity without DTO validation or authorization checks, and a working proof-of-concept is published in the GHSA-x5v6-pj28-cwwm advisory. No public exploit identified at time of analysis in CISA KEV; vendor-released patch is Flowise 3.1.2.
Mass assignment in FlowiseAI Flowise allows authenticated low-privilege users to modify server-controlled properties on the PUT /api/v1/variables/{variableId} endpoint, including workspaceId, createdDate, and updatedDate. By reassigning a variable's workspaceId to an arbitrary value, an attacker can break tenant isolation in multi-workspace deployments and move variables across tenant boundaries. Publicly available exploit code exists in the GHSA-6fw7-3q8r-m5vj advisory, but no public exploit identified at time of analysis as widespread weaponization, and the issue is not listed in CISA KEV.
Fleet instances fail to validate the origin of client IP headers (True-Client-IP, X-Real-IP, X-Forwarded-For) before using them for API rate limiting, allowing unauthenticated attackers to bypass per-IP brute-force protections on sensitive endpoints such as login by rotating header values across requests. This vulnerability primarily affects Fleet deployments directly exposed to the internet without a reverse proxy that overwrites forwarded headers; instances behind properly configured proxies or WAFs have reduced exposure.
Fleet server crashes from a single malformed gRPC request to the PublishLogs endpoint, allowing complete denial of service. An attacker with any enrolled Launcher node key can terminate the Fleet server process instantly via a crafted gRPC call. CVSS 8.7 (High) reflects the ease and impact, though exploitation requires prior enrollment of a Launcher host. Vendor-released patch version 4.81.0 available. No public exploit identified at time of analysis, but attack requires minimal sophistication given authenticated access.
JWT authentication bypass in Fleet's Windows MDM enrollment allows attackers with access to any Azure AD tenant to enroll unauthorized devices and access management APIs. Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but fails to verify 'aud' (audience) or 'iss' (issuer) claims, accepting any Microsoft-signed token with the expected scopes. This enables unauthorized device enrollment and potential exposure of enrollment secrets embedded in MDM payloads. Vendor-released patch available in Fleet v4.82.0 (March 2026). No evidence of active exploitation (not in CISA KEV) at time of analysis, though the vulnerability was responsibly disclosed by security researcher @zaddy6.
Fleet trusts untrusted client-supplied IP address headers (X-Forwarded-For, X-Real-IP, True-Client-IP) when determining source IP for incoming requests, allowing both authenticated and unauthenticated attackers to spoof their apparent IP address and bypass per-IP rate limiting controls. This enables brute-force and password-spraying attacks against authentication endpoints to scale without triggering rate-limit protections, though the vulnerability does not itself enable authentication bypass, privilege escalation, data exposure, or remote code execution.
Missing authorization in PostgreSQL CREATE TYPE allows authenticated users to hijack search_path resolution and force other database users to execute arbitrary SQL functions chosen by the attacker. An authenticated attacker can create a malicious user-defined type in a schema that appears earlier in a victim's search_path than legitimate extension or system types, causing the victim's queries to execute attacker-controlled functions instead of intended ones. This affects PostgreSQL versions 14.x before 14.23, 15.x before 15.18, 16.x before 16.14, 17.x before 17.10, and 18.x before 18.4. While CVSS 5.4 is moderate, the attack requires authenticated database access and carries real risk in multi-tenant or shared PostgreSQL environments where privilege escalation or lateral movement is the goal.
Authentication bypass in Yordam Library Automation System versions 21.6 through 22.0 enables remote attackers to impersonate legitimate users and gain unauthorized administrative access by manipulating user identifiers in requests. Attackers who successfully exploit this vulnerability can achieve full system compromise including reading sensitive library records, modifying catalog data, and disrupting availability. The vulnerability requires user interaction (likely social engineering or malicious link), but no authentication, making it accessible to external threat actors. TR-CERT has published an advisory confirming the issue affects Turkish government and educational institutions using this library management platform.
Unauthenticated attackers can export complete database tables from WordPress Multisite installations running Database Backup for WordPress plugin ≤2.5.2, exposing credentials, user data, and site content. The vulnerability stems from improper enforcement of authorization check return values, bypassing security controls. Exploitation is limited to legacy WordPress Multisite environments using the deprecated is_site_admin() function. CVSS 7.5 (High) with network attack vector and no authentication required. No CISA KEV listing indicates limited widespread exploitation, though the unauthenticated remote access vector presents significant risk for affected configurations.
Arbitrary file read and deletion in Database Backup for WordPress (versions ≤2.5.2) allows unauthenticated attackers on WordPress Multisite installations to access sensitive files and potentially achieve site takeover. The vulnerability stems from improper authorization enforcement combined with user-controlled backup directory parameters, exploitable only in Multisite environments using the deprecated is_site_admin() function. CVSS 8.1 with high attack complexity (AC:H) reflects the Multisite-only prerequisite. No CISA KEV listing indicates limited observed exploitation despite the critical authorization bypass nature.
Authorization bypass in Database Backup for WordPress plugin (≤2.5.2) enables unauthenticated attackers to redirect scheduled backup files to publicly accessible directories and retrieve them before cleanup. By poisoning the wp_db_temp_dir parameter via wp-cron.php, attackers can intercept database backups containing credentials, password hashes, and PII. Backup filenames follow predictable patterns (database name, table prefix, date, Swatch Internet Time), making interception reliable. Exploitation requires administrator-configured scheduled backups but no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N). EPSS and KEV data not provided; Wordfence-reported vulnerability with publicly accessible source code references enabling attack reproduction.
Authorization bypass in Yaay Social Media App versions 3.8.0 through 24102025 allows remote unauthenticated attackers to access restricted functionality and data by manipulating user-controlled key parameters. The vulnerability enables unauthorized access to features normally protected by access control lists (ACLs), potentially exposing user data, administrative functions, or content modification capabilities. TR-CERT has disclosed this issue with a CVSS base score of 8.8, requiring user interaction for exploitation. No evidence of active exploitation (not in CISA KEV) or public exploit code has been identified at time of analysis.
Insecure Direct Object Reference (IDOR) in Stel Order v3.25.1 and earlier allows authenticated attackers with low privileges to access confidential employee information across the organization by manipulating the 'employeeID' parameter in requests to the '/app/FrontController' endpoint. Attackers can enumerate and retrieve personal data including names, roles, job titles, and vacation records for any employee regardless of authorization level. EPSS data not available; no confirmed active exploitation (not in CISA KEV). CVSS 7.1 reflects high confidentiality impact but requires authentication, limiting immediate exposure to insider threats or compromised accounts.
Authorization bypass in DijiDemi v4.5.12.1 through v4.5.13.0 allows authenticated high-privilege users to escalate permissions through user-controlled cryptographic key manipulation. An attacker with high privileges can abuse the authorization mechanism by controlling session or authentication keys, bypassing intended access restrictions and potentially modifying data or executing unauthorized operations, though exploitation requires user interaction and high-privilege account access.
Hard-coded database credentials in Comarch ERP Optima client allow remote attackers on adjacent networks to access the backend database with elevated privileges and execute system commands on the server. The immutable credentials enable authentication bypass without requiring any user interaction or existing privileges. Fixed in version 2026.4, reported by CERT-PL. No public exploit or KEV listing identified at time of analysis, though the straightforward nature of credential-based attacks (CVSS:4.0 AV:A/AC:L/PR:N) suggests high exploitability for attackers with local network access.
Authorization bypass in Akilli Commerce E-Commerce Website before 4.5.001 allows remote unauthenticated attackers to hijack user sessions through user-controlled key manipulation. The vulnerability enables complete system compromise with high impact to confidentiality, integrity, and availability. Turkish national CERT (TR-CERT) published an advisory, indicating regional significance. No public exploit code or CISA KEV listing identified at time of analysis, but the CVSS 9.8 Critical rating and network-accessible, unauthenticated attack vector suggest this is highly exploitable if the platform is internet-facing.
Unauthenticated attackers can permanently delete arbitrary WordPress content (posts, pages, WooCommerce products/orders) and manipulate post statuses in InfusedWoo Pro plugin versions up to 5.1.2 due to missing authorization checks. The CVSS 9.1 (Critical) score reflects network-accessible attack with no complexity barriers, though the Availability impact rating (A:N) appears inconsistent with the ability to mass-delete content. EPSS data unavailable; no CISA KEV listing or public exploit confirmed at time of analysis, but the WordPress ecosystem's large attack surface and clear Wordfence advisory make this a priority patching target for WooCommerce sites.
MW WP Form plugin for WordPress allows unauthenticated attackers to extract data from password-protected, private, and draft posts via the _get_post_property_from_querystring() function due to insufficient access control checks on post retrieval. The vulnerability affects all versions up to 5.1.2 and requires only network access with no user interaction, enabling confidential content disclosure to unauthorized users.
The User Registration & Membership WordPress plugin through version 5.1.5 allows unauthenticated attackers to bypass admin approval requirements and register accounts directly by sending a crafted request with action=createuser parameter, exploiting missing authorization checks in the account creation process. The vulnerability affects all installations of the plugin with default or custom configurations where the admin approval feature is enabled. CVSS 5.3 reflects limited confidentiality impact but integrity compromise through unauthorized account creation.
Insecure Direct Object Reference in the WordPress Fluent Forms plugin (versions through 6.2.0) allows authenticated users with Fluent Forms manager-level privileges to bypass form-level access controls via the exportEntries function. Attackers can exfiltrate submissions from forms they should not access, export data from arbitrary database tables, and enumerate table names through error message disclosure. No public exploit identified at time of analysis, and EPSS probability is very low (0.03%) despite the high CVSS score.
Privilege escalation in the InfusedWoo Pro WordPress plugin (versions through 5.1.2) allows authenticated subscriber-level users to elevate themselves to Administrator by abusing the unprotected infusedwoo_gdpr_upddata() function to overwrite their wp_capabilities user meta. No public exploit identified at time of analysis, EPSS is very low (0.04%), and the issue is not listed in CISA KEV, but the technical impact is total once the simple authentication prerequisite is met.
Authentication bypass and privilege escalation in the InfusedWoo Pro WordPress plugin (versions through 5.1.2) lets unauthenticated remote attackers seize administrator accounts by abusing the iwar_save_recipe() AJAX handler. Because the endpoint lacks nonce verification and capability checks, attackers can plant a malicious automation recipe that chains an HTTP post trigger with an auto-login action, so visiting a crafted URL returns valid authentication cookies for any chosen user. Reported by Wordfence with a CVSS of 9.8; no public exploit identified at time of analysis, and EPSS sits at 0.19% (40th percentile) despite the SSVC assessment of total technical impact and automatable exploitation.
Authentication bypass in the Burst Statistics WordPress plugin versions 3.4.0 through 3.4.1.1 allows unauthenticated remote attackers to impersonate any administrator whose username they know by supplying an arbitrary Basic Authentication password. The flaw resides in flawed return-value handling within the `is_mainwp_authenticated()` function used to validate application passwords from the Authorization header, enabling privilege escalation per request. No public exploit identified at time of analysis, and EPSS is low (0.26%), but the CVSS 9.8 score and SSVC 'total' technical impact mark it as a high-severity authentication bypass worth prioritizing.
Private group member enumeration in GitLab CE/EE affects all versions from 15.1 through unfixed releases 18.9.6, 18.10.5, and 18.11.2, permitting any authenticated user holding project membership to discover the member list of an otherwise private group due to a missing authorization check (CWE-862). The flaw collapses GitLab's tiered permission boundary between project-level and group-level access, leaking organizational membership data to users who have no entitlement to view it. No public exploit has been identified at time of analysis, and an EPSS score of 0.01% (2nd percentile) reflects near-zero observed exploitation probability.
Merge request approval bypass in GitLab Enterprise Edition allows authenticated users to circumvent policy-enforced approval gates due to improper cleanup of orphaned approval policy records. Affected are all GitLab EE deployments running versions from 15.7 up to (but not including) 18.9.7, 18.10.6, and 18.11.3. No public exploit exists and no active exploitation has been confirmed; however, the integrity impact carries meaningful governance risk in regulated environments where merge approval policies serve as a compliance or change-management control.
Improper access control in GitLab Enterprise Edition allows authenticated users holding only developer-role permissions to remove code owner approval rules from merge requests, effectively bypassing a critical gatekeeping control in the software development lifecycle. Affected are all GitLab EE versions from 11.10 up to (but not including) 18.9.7, 18.10.6, and 18.11.3. No public exploit or active exploitation has been identified at time of analysis; EPSS is 0.01% and CISA SSVC rates exploitation as none, indicating this is a low-urgency but organizationally meaningful integrity issue for teams relying on code owner rules for compliance or security enforcement.
Authorization bypass in the Fluent Forms WordPress plugin (versions ≤6.1.21) allows authenticated Fluent Forms Managers to read, modify, annotate, and delete submissions belonging to forms outside their assigned scope by tampering with a user-controlled form_id query parameter. The flaw stems from the SubmissionPolicy class trusting client-supplied input for authorization decisions, granting cross-form access despite role restrictions. No public exploit identified at time of analysis, and EPSS exploitation probability remains low at 0.03%.
Missing authorization controls in the WP Encryption WordPress plugin (all versions through 7.8.5.10) allow any authenticated subscriber-level user to invoke the `wple_basic_get_requests` function and tamper with SSL lifecycle configuration - resetting SSL setup state, falsely marking SSL as complete, and altering plan selection options. The affected plugin automates Let's Encrypt certificate provisioning for WordPress sites, meaning successful exploitation can silently break or misrepresent a site's HTTPS posture. No public exploit code exists and no active exploitation is confirmed (not in CISA KEV); EPSS at 0.02% and SSVC exploitation rating of 'none' place this firmly in the low-urgency tier despite the low privilege bar.
Package protection rule bypass in GitLab CE/EE allows authenticated users holding developer-role permissions to circumvent registry protections that should restrict their write or publish actions. Affecting all GitLab Community and Enterprise Edition instances running versions 18.3 through 18.9.6, 18.10 through 18.10.5, and 18.11 through 18.11.2, an attacker with a legitimately provisioned developer account can undermine the integrity controls placed on protected packages. No public exploit code exists and no active exploitation has been identified at time of analysis; the EPSS score of 0.01% (1st percentile) and SSVC exploitation rating of 'none' confirm this is a low-urgency finding.
Unauthorized debug symbol exposure in GitLab CE/EE allows access to private debugging artifacts from projects the requester should not be able to reach, due to improper authorization controls (CWE-639: Authorization Bypass Through User-Controlled Key). Affected instances span all GitLab CE and EE deployments running versions from 16.7 up through the patched releases 18.9.7, 18.10.6, and 18.11.3 - a broad version window of roughly two years of releases. No public exploit has been identified at time of analysis, EPSS is 0.02% (5th percentile), and CISA SSVC rates exploitation status as none, collectively indicating low near-term exploitation probability despite the wide version exposure.
Authenticated developers in GitLab CE/EE versions before 18.9.7, 18.10.6, and 18.11.3 can bypass PyPI package protection rules and upload restricted packages due to improper authorization checks. Despite CVSS 4.3 rating, the 0.01% EPSS score and CISA SSVC assessment (exploitation: none, automatable: no, technical impact: partial) indicate minimal real-world exploitation risk, with no confirmed active exploitation or public exploits identified at time of analysis.
GitLab Enterprise Edition's instance-level approval rule editing prevention control can be bypassed by authenticated Maintainer-level users due to missing server-side authorization checks (CWE-862). Affected are all GitLab EE versions from 16.10 through before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. An attacker holding Maintainer permissions can modify or delete project approval rules even when an administrator has explicitly enabled the instance-level restriction designed to prevent such changes, undermining the integrity of merge request approval workflows. No public exploit identified at time of analysis, and EPSS is at the 1st percentile, indicating negligible opportunistic exploitation risk.
Authenticated developers in GitLab CE/EE can bypass container registry tag protection policies and delete protected tags due to improper server-side authorization checks (CWE-639), affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. The vulnerability was privately disclosed via HackerOne (report 3480620) and remediated in the May 2026 patch release cycle. No public exploit identified at time of analysis, and an EPSS of 0.01% (1st percentile) combined with SSVC exploitation status of 'none' indicate minimal current real-world exploitation risk.
Unauthorized issue disclosure in GitLab CE/EE exposes confidential project data to authenticated Guest-level users who lack explicit project membership. By exploiting an object-level authorization flaw (CWE-639), a Guest user can retrieve issues belonging to projects they have no sanctioned access to, bypassing GitLab's project-level visibility controls. No public exploit exists and EPSS sits at 0.01%, but the broad version range - spanning GitLab 15.1 all the way through 18.11.2 - means a large install base requires patching, and the confidentiality risk is real for organizations using issues to track sensitive engineering or security work.
Payment bypass in LearnPress WordPress LMS Plugin (all versions ≤ 4.3.5) allows authenticated subscribers to enroll in any paid course at zero cost by manipulating a REST API parameter. The flaw stems from improper input handling in the add_to_cart() REST API endpoint where PHP's array_merge() permits attacker-supplied values to silently overwrite hardcoded order defaults - specifically the quantity field - causing the order total to resolve to $0 and bypassing all configured payment gateway enforcement. No public exploit code has been identified at time of analysis, and CISA KEV does not list this vulnerability; SSVC and EPSS both signal low current exploitation pressure, though the low-friction exploit path warrants prompt remediation on revenue-generating LMS deployments.
Authorization bypass in the My Calendar - Accessible Event Manager WordPress plugin (all versions through 3.7.9) allows authenticated attackers with custom-level access or higher to circumvent the moderation and approval workflow by directly manipulating the POST body. The plugin's server-side PHP code in my-calendar-event-editor.php accepted the client-supplied event_approved parameter and used it to override the server-calculated event status, despite UI-level restrictions ostensibly limiting low-privilege users to draft-only submissions. Exploitation enables unauthorized event publishing, cancellation, or marking events private - integrity impacts limited to the event management workflow. No public exploit identified at time of analysis; EPSS (0.02%, 4th percentile) and SSVC (exploitation: none) both indicate negligible current exploitation interest.
Unauthenticated remote information disclosure in CFEngine Enterprise (versions before 3.21.8, 3.24.3, and 3.27.0) allows network attackers to access sensitive data via incorrect access control implementation. The CVSS vector indicates network-accessible exploitation without authentication (AV:N/PR:N) with low attack complexity, enabling automated scanning and exploitation. EPSS probability is low (0.02%, 5th percentile), suggesting limited attacker interest to date, though the authentication bypass tag indicates the vulnerability could expose sensitive configuration or operational data. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Information disclosure in Hoppscotch (versions 2025.7.0 through pre-2026.4.0) allows unauthenticated remote attackers to retrieve all infrastructure secrets in plaintext by issuing a GET request to /v1/onboarding/config when the ONBOARDING_RECOVERY_TOKEN database value is an empty string. The flaw is an incomplete fix for CVE-2026-28215, which patched the POST counterpart but left the read endpoint exposed; publicly available exploit code exists per SSVC, although no public exploit identified at time of analysis in references, and EPSS is low at 0.04%.
Privilege escalation in cPanel and WP Squared allows an authenticated team member account to elevate privileges to the team owner, granting full control over the hosting account. The flaw stems from improper authorization checks within the team-member privilege model and carries a CVSS 7.1 (high integrity impact). EPSS is very low (0.03%) and no public exploit has been identified at time of analysis, but a vendor patch is available.
Cross-workspace IDOR in SQLBot (DataEase) versions prior to 1.8.0 allows authenticated low-privilege users to read and modify database schemas and data sources belonging to other tenants via the /api/v1/datasource/exportDsSchema and /api/v1/datasource/uploadDsSchema endpoints. The flaw breaks multi-tenant isolation in a Text-to-SQL platform that brokers access to backend databases, meaning a tenant can pivot to another tenant's data sources. No public exploit identified at time of analysis, and EPSS probability is very low (0.04%), but SSVC rates technical impact as total.
Insufficient authorization enforcement on specific ERPNext endpoints allows authenticated low-privilege users to read sensitive data beyond their permitted role and make limited unauthorized data modifications. Affecting all ERPNext deployments prior to 15.102.0 (v15 branch) and prior to 16.11.0 (v16 branch), an attacker holding any valid user account can invoke unprotected server-side endpoints to access restricted records or alter data outside their role scope. No public exploit code exists and SSVC confirms no active exploitation, but the high confidentiality impact (CVSS C:H) warrants prompt patching - particularly on internet-exposed ERPNext instances where low-privilege accounts may be broadly distributed.
Privilege escalation in ERPNext versions prior to 16.9.1 allows authenticated low-privileged users to modify data outside their assigned role due to missing authorization checks on certain endpoints. The flaw carries a CVSS 9.9 score with scope change, but EPSS is only 0.04% and CISA SSVC reports no observed exploitation, indicating no public exploit identified at time of analysis. The vendor (Frappe) has released a patched version 16.9.1 alongside GHSA-cg5w-7g26-p3w9.
Privilege escalation in MISP threat intelligence platform versions prior to 2.5.37 allows organization administrators to reset authentication keys of site administrator accounts within the same organization, yielding cross-tier access takeover. The flaw stems from missing authorization checks in the auth key reset workflow, enabling an org-admin to harvest a freshly generated site-admin API key. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.06%, but a vendor-released patch (2.5.37) is available.
SQL injection in MISP threat intelligence platform versions prior to 2.5.37 allows remote unauthenticated attackers to manipulate ORDER BY clauses in event and shadow attribute listing endpoints by supplying crafted ordering parameters. The CVSS 4.0 score of 9.3 reflects high impact across confidentiality, integrity, and availability, though EPSS exploitation probability sits at just 0.04% and no public exploit identified at time of analysis. Given MISP's role as a repository of sensitive threat-intelligence data shared between organizations, successful exploitation could expose IOCs, attribution data, and partner-shared intelligence.
Insufficient session expiration in Strapi versions prior to 5.33.3 allows an authenticated attacker who has previously obtained a valid refresh token to maintain persistent unauthorized access even after the account owner resets their password. Both the admin panel (@strapi/admin) and the API-facing users-permissions plugin (@strapi/plugin-users-permissions) are affected, covering all Strapi deployments up to and including 5.33.2. Because the refresh-token invalidation logic was gated on a caller-supplied deviceId parameter, a password reset without that parameter left all prior refresh sessions alive - meaning credential rotation failed to evict an attacker for up to 30 days by default. No public exploit has been identified at time of analysis, and SSVC confirms exploitation status as none.
Improper access control in Grafana OSS allows authenticated Editor-role users to delete any annotation instance-wide, regardless of whether they hold read or create permissions on that annotation. The flaw affects a broad version range from 8.5.0 through 13.0.1, exposing organizations to unauthorized data destruction by low-privileged internal users. No active exploitation has been identified at time of analysis (SSVC: none; EPSS: 0.03%, 8th percentile), and no public exploit code exists; real-world risk is constrained by the authentication prerequisite and partial integrity-only impact.
Missing authorization in Grafana OSS's snapshot deletion endpoint allows any authenticated Editor-role user to delete arbitrary snapshots across the platform, regardless of whether they hold read or write access to those snapshots. Affected versions span a wide release range from 9.4.0 through 13.0.1 across multiple major branches (CPE: cpe:2.3:a:grafana:grafana_oss). With EPSS at 0.03% (8th percentile), SSVC exploitation rated none, and no public exploit identified at time of analysis, the practical threat is primarily insider abuse or compromised Editor credentials being used to destroy monitoring data outside an attacker's legitimate scope.
Privilege revocation race condition in Grafana OSS allows a user whose service-account token-minting permission was just revoked to continue minting tokens for several seconds after the revocation event. The flaw, tagged as an authentication bypass affecting multiple supported branches of Grafana OSS (11.x, 12.x, 13.x), can yield high confidentiality and integrity impact by granting persistent API access via newly minted service-account tokens. No public exploit identified at time of analysis, EPSS is very low (0.03%), and SSVC marks exploitation as none - but the vendor has issued patches across all affected branches.
Privilege escalation in Grafana OSS allows an authenticated Editor with write access to a dashboard they do not own to overwrite that dashboard and acquire admin permissions on it. The flaw, tracked as CVE-2026-33377 and disclosed by Grafana with patches across multiple maintained branches, has CVSS 7.1 reflecting high integrity impact via low-privileged network access. There is no public exploit identified at time of analysis, and EPSS sits at 0.03% (8th percentile), but the high integrity impact warrants prompt patching for multi-tenant Grafana deployments.
Incorrect Authorization in Palo Alto Networks Trust Protection Foundation allows adjacent-network unauthenticated attackers to bypass access controls and perform unauthorized actions against restricted resources. Affected version branches include 24.1.x, 24.3.x, 25.1.x, and 25.3.x, with fixed builds available from Palo Alto Networks. No public exploit identified at time of analysis, EPSS sits at the 1st percentile (0.01%), and SSVC rates exploitation as none - but the high availability impact component (VA:H in CVSS 4.0) on vulnerable systems makes patching a priority for organizations with exposed deployments.
Local privilege escalation in Palo Alto Networks Prisma Access Agent (all versions prior to 26.2.1) allows any locally authenticated non-administrative user to elevate to root on macOS and Linux, or NT AUTHORITY\SYSTEM on Windows, by exploiting a flawed privilege management mechanism. Successful exploitation grants full control of the affected endpoint, enabling arbitrary code execution and unauthorized access to data restricted to privileged accounts. No public exploit exists and the vulnerability is absent from CISA KEV; however, SSVC rates technical impact as total, making patching a meaningful priority for multi-user and enterprise endpoint environments.
Authorization bypass in Palo Alto Networks Prisma Access Agent's Endpoint DLP component permits a locally authenticated attacker with low privileges to circumvent authentication controls and invoke privileged operations. Affected are all Prisma Access Agent versions prior to 26.2.1, with full confidentiality, integrity, and availability impact on the vulnerable component confirmed by the CVSS:4.0 vector (VC:H/VI:H/VA:H). No active exploitation has been identified - SSVC marks exploitation as 'none', EPSS sits at the 1st percentile, and the CVSS exploit maturity is rated 'Unreported' (E:U).