Authentication Bypass
Monthly
Incorrect Authorization in Palo Alto Networks Trust Protection Foundation allows adjacent-network unauthenticated attackers to bypass access controls and perform unauthorized actions against restricted resources. Affected version branches include 24.1.x, 24.3.x, 25.1.x, and 25.3.x, with fixed builds available from Palo Alto Networks. No public exploit identified at time of analysis, EPSS sits at the 1st percentile (0.01%), and SSVC rates exploitation as none - but the high availability impact component (VA:H in CVSS 4.0) on vulnerable systems makes patching a priority for organizations with exposed deployments.
Local privilege escalation in Palo Alto Networks Prisma Access Agent (all versions prior to 26.2.1) allows any locally authenticated non-administrative user to elevate to root on macOS and Linux, or NT AUTHORITY\SYSTEM on Windows, by exploiting a flawed privilege management mechanism. Successful exploitation grants full control of the affected endpoint, enabling arbitrary code execution and unauthorized access to data restricted to privileged accounts. No public exploit exists and the vulnerability is absent from CISA KEV; however, SSVC rates technical impact as total, making patching a meaningful priority for multi-user and enterprise endpoint environments.
Authorization bypass in Palo Alto Networks Prisma Access Agent's Endpoint DLP component permits a locally authenticated attacker with low privileges to circumvent authentication controls and invoke privileged operations. Affected are all Prisma Access Agent versions prior to 26.2.1, with full confidentiality, integrity, and availability impact on the vulnerable component confirmed by the CVSS:4.0 vector (VC:H/VI:H/VA:H). No active exploitation has been identified - SSVC marks exploitation as 'none', EPSS sits at the 1st percentile, and the CVSS exploit maturity is rated 'Unreported' (E:U).
Improper certificate validation in Palo Alto Networks GlobalProtect App exposes macOS and Android users to adversary-in-the-middle attacks from locally adjacent network positions, enabling traffic interception and malicious software installation. The flaw allows an unauthenticated attacker on the same subnet - or a local non-administrative OS user - to redirect encrypted VPN communications to a rogue server by bypassing TLS certificate checks. No public exploit has been identified at time of analysis, EPSS is effectively zero, and CISA SSVC rates exploitation as none, though the high confidentiality and integrity impact on the vulnerable component warrants prompt patching on affected platforms.
Unauthenticated access to an exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform allows remote attackers to read sensitive operational data including application metrics and health status without any credentials. All versions of the platform prior to 26.03 are affected. The CVSS vector (PR:N/AC:L) confirms no authentication is required and exploitation is straightforward; however, EPSS at 0.01% (1st percentile) and SSVC exploitation status of 'none' indicate no public exploit or active targeting observed at time of analysis.
Authentication bypass in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS allows remote attackers to establish unauthorized VPN connections without valid credentials. The flaw is confirmed actively exploited (CISA KEV) and publicly available exploit code exists, though EPSS remains low at 0.05%, suggesting targeted rather than mass exploitation. Panorama and Cloud NGFW deployments are not affected, but PAN-OS firewalls and Prisma Access tenants running vulnerable trains are exposed.
Policy bypass in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to circumvent access and data control policies via a race condition, potentially exposing restricted data with high confidentiality impact to the vulnerable system. Affected versions span all releases prior to 146.16.6.165, per EUVD-2026-30087 and vendor advisory. No active exploitation is confirmed - the vulnerability is absent from CISA KEV, EPSS sits at 0.01% (3rd percentile), and SSVC assessment categorizes exploitation status as none - indicating this is a low-urgency but architecturally meaningful trust boundary weakness in an enterprise browser control product.
Local privilege escalation in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non-admin user to access an internal automation bridge that was insufficiently restricted, enabling unauthorized commands to be sent to the browser and bypassing built-in security controls. The flaw is tracked as CVE-2026-0237 with a CVSS 4.0 score of 7.3 and no public exploit identified at time of analysis, though SSVC rates the technical impact as total.
Authentication bypass in Palo Alto Networks PAN-OS allows unauthenticated network attackers to circumvent authentication controls when the Cloud Authentication Service (CAS) feature is enabled, with the highest risk when CAS is bound to the management interface. The flaw affects PA-Series and VM-Series firewalls as well as Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are not impacted. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability low at 0.08%, but the high-value target profile and CWE-347 (Improper Verification of Cryptographic Signature) class - combined with the 'Jwt Attack' tag - warrant prompt patching.
U-SPEED AC1200 Gigabit Wi-Fi Router Model T18-21K V1.0 exposes an unauthenticated UART serial interface that grants unrestricted access to device functionality upon physical connection. An attacker with physical access to the exposed UART pins can bypass all authentication and authorization controls to gain full device compromise. EPSS exploitation probability is low (0.03%), reflecting the physical access requirement, though the impact of successful exploitation is severe (confidentiality, integrity, and availability compromise).
Authorization bypass in SiYuan note-taking platform versions up to and including v3.6.5 allows publish-mode Readers (anonymous visitors) and read-only Editors to invoke eight state-mutating APIs that are missing CheckAdminRole and CheckReadonly middleware. Attackers with only basic CheckAuth (including unauthenticated publish visitors) can rewrite the workspace conf.json, manipulate cloud sync intervals, overwrite graph configuration, poison the SQL block index, and tamper with the admin's recent-documents list. No public exploit identified at time of analysis, but a detailed PoC accompanies the advisory and EPSS sits at 0.04% (12th percentile).
Unauthenticated Solr streaming expression injection in Goobi viewer Core (versions 4.8.0 through 26.04) allows remote attackers to fully read, modify, or delete the backend Solr index by posting arbitrary expressions to the `/api/v1/index/stream` endpoint. No public exploit identified at time of analysis, but the vulnerability is trivially exploitable with CVSS 9.8 and bypasses access-condition protections such as moving walls and licence restrictions. EPSS is currently low (0.04%) reflecting the niche audience rather than technical difficulty.
Broken access control in SiYuan's publish-service API allows authenticated RoleReader principals to enumerate workspace metadata from notebooks explicitly marked as private or publish-ignored. Four search endpoints - `/api/search/searchTag`, `/api/search/searchAsset`, `/api/search/searchWidget`, and `/api/search/searchTemplate` - pass the `CheckAuth` middleware that a publish-service RoleReader JWT satisfies, but never apply the `IsReadOnlyRoleContext` filtering logic that sibling endpoints in the same file correctly implement, returning unscoped global workspace results. A proof-of-concept exploit exists per SSVC assessment and is documented in the advisory; the vulnerability is not currently listed in CISA KEV.
Broken access control in SiYuan's `/api/tag/getTag` endpoint (versions prior to 3.7.0) allows any authenticated low-privilege user - including publish-service `RoleReader` accounts and `RoleEditor` accounts on read-only workspaces - to mutate the global `Conf.Tag.Sort` configuration value and trigger a full rewrite of the workspace `conf.json` file. The handler silently executes a privileged write operation (`model.Conf.Save()`) when a `sort` argument is present, despite the endpoint being registered with only `model.CheckAuth` middleware, omitting the `model.CheckAdminRole` and `model.CheckReadonly` guards that sibling write endpoints correctly enforce. Publicly available exploit code exists per SSVC assessment, though no active exploitation has been confirmed (not in CISA KEV; EPSS 0.03%).
Nautobot's REST API fails to enforce user 'view' permissions when resolving GenericForeignKey references during object creation or update, allowing authenticated users to create cross-object associations to records they are explicitly denied access to view. Any Nautobot user holding write access to an affected model - including ImageAttachment, Cable, Note, ContactAssociation, and over a dozen others - can link those records to restricted objects (e.g., Devices) if they know the target's UUID through any side channel. No public exploit has been identified and this vulnerability is not listed in CISA KEV; EPSS of 0.02% (6th percentile) reflects low probability of automated exploitation, though the authorization bypass is straightforward once credentials and a target UUID are in hand.
Unauthorized write access to Traefik's live dynamic configuration is achievable by a low-privileged Kubernetes tenant in shared Gateway deployments, because the Gateway API provider's `isInternalService()` check accepts any `TraefikService` name ending in `@internal` - not exclusively the intended `api@internal`. This allows a tenant with `HTTPRoute` creation rights to route external traffic to `rest@internal`, fully bypassing the `providers.rest.insecure=false` safeguard and gaining `PUT /api/providers/rest` write access. No active exploitation is confirmed (not in CISA KEV, EPSS at 0.01%), but a detailed proof-of-concept is published in the GHSA advisory and the SSVC framework marks the attack as automatable for tenants meeting the prerequisites.
A race condition in the Linux kernel's sched_ext BPF scheduler subsystem allows a local low-privileged user to permanently hang the system when sched_ext is actively loaded. Between scx_claim_exit() atomically marking error exit and the subsequent kick of the helper kthread, a preemption window exists where the BPF scheduler - now with error handling disabled - may fail to reschedule the calling task, leaving the helper work permanently unqueued. The result is bypass mode never activating, task dispatching halting, and a complete system wedge. No public exploit has been identified and EPSS sits at 0.02% (5th percentile), but the availability impact is total for affected systems running a custom BPF scheduler.
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NGINX Plus and NGINX Open Source configured with the HTTP/3 QUIC module allows unauthenticated remote attackers to spoof source IP addresses, enabling bypass of authorization checks and rate-limiting controls. The vulnerability affects both commercial and open-source variants when QUIC is explicitly enabled, with patches available from F5.
Authenticated administrators in F5 BIG-IP Appliance mode can bypass configuration restrictions designed to prevent system-level access. Administrators with the 'Administrator' role can circumvent Appliance mode lockdown controls, potentially modifying underlying system configurations that should be protected in this deployment mode. Vendor patch available per F5 Security Advisory K000160876. CVSS 8.5 reflects high confidentiality/integrity impact despite requiring privileged authentication.
Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options.
Authenticated subscribers can bypass authorization gates and forcibly join any ProfileGrid group - including closed, paid, or restricted groups - through a missing capability check in the pm_invite_user function. Affects all ProfileGrid plugin versions up to 5.9.8.4. The vulnerability enables low-privilege users to circumvent membership restrictions and payment requirements, potentially exposing premium content and private community spaces. EPSS data not provided; no CISA KEV listing identified, indicating no confirmed widespread exploitation at time of analysis. CVSS 7.1 reflects high integrity impact due to authorization bypass capabilities.
Authentication bypass in ProfileGrid - User Profiles, Groups and Communities WordPress plugin up to version 5.9.8.4 allows authenticated Subscriber-level users to modify site-wide group settings through unprotected AJAX actions (pm_set_group_order, pm_set_group_items, pm_set_field_order). Attackers can alter group menu order, list order, icon display, and field ordering without authorization checks. No public exploit code or active exploitation has been identified; CVSS 4.3 (low-moderate severity) reflects limited impact scope to integrity without confidentiality or availability impact.
RTMKit Addons for Elementor plugin for WordPress allows authenticated attackers with Author-level access or higher to modify or reset site-wide widget configurations due to missing capability checks in the save_widget() and reset_all_widgets() functions. This privilege escalation vulnerability affects all versions up to 2.0.2 and enables unauthorized modification of widget data across the entire WordPress site, impacting site integrity and user experience.
Authenticated attackers with Subscriber-level access can modify the API key stored in the Hostinger Reach WordPress plugin (versions up to 1.3.8) due to missing capability checks in the AJAX handler, but only when the plugin is not yet connected to a site and the database contains no existing API key. The vulnerability allows unauthorized data modification via the 'hostinger_reach_connection_notice_action' action with CVSS 5.3 (network-accessible, high integrity impact, but requiring low-privilege authentication and non-standard conditions).
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.
Authenticated instructors in Tutor LMS versions up to 3.9.9 can manipulate course ownership logic via an attacker-controlled GET parameter to perform unauthorized operations on other instructors' courses, including deleting lessons, quizzes, assignments, and student data, or modifying course content and grades. The vulnerability stems from the `get_course_id_by()` function unconditionally trusting user-supplied input instead of validating course ownership, bypassing the plugin's primary authorization gate. No public exploit code or active exploitation has been identified at time of analysis.
Unauthenticated attackers can retrieve any support ticket content from the ilGhera Support System for WooCommerce plugin (versions up to 1.3.0) by exploiting a missing capability check in the 'get_ticket_content_callback' function, exposing sensitive customer data and private communications without authentication. The vulnerability requires only a valid ticket ID and network access, with no active public exploitation confirmed at time of analysis, but the low attack complexity and unauthenticated nature make it practically exploitable against any WordPress site running the affected plugin.
Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to 8.9.0 allows authenticated attackers to delete any user's published and scheduled social media post records due to missing ownership verification in the deleteUserPublishPost() and deleteUserSchedPost() functions. Attackers can supply arbitrary sequential post IDs to permanently soft-delete other users' B2S post records, disrupting content publishing workflows across multiuser WordPress installations. This vulnerability requires valid WordPress user authentication but no elevated privileges.
Broadstreet WordPress plugin up to version 1.53.1 allows authenticated attackers with Subscriber-level access to create advertisers via missing capability checks on the create_advertiser AJAX action, enabling privilege escalation and unauthorized modification of advertising data.
Unauthenticated attackers can manipulate product prices in WooCommerce carts via an unprotected AJAX action in the Cost Calculator Builder plugin for WordPress (versions up to 4.0.1) when used with Cost Calculator Builder PRO. The vulnerability stems from the ccb_woocommerce_payment AJAX endpoint being registered without authentication requirements (wp_ajax_nopriv) and failing to validate user input before passing it to checkout initialization, allowing price modification without authorization. This is an Insecure Direct Object Reference (IDOR) flaw with moderate CVSS score (5.3) that enables integrity violations but not confidentiality breaches or availability impact.
OpenLearnX versions prior to 2.0.4 contain a critical authentication bypass vulnerability caused by disabled JWT signature verification, enabling unauthenticated attackers to gain unauthorized access to user accounts. The vulnerability has been patched in version 2.0.4. No public exploit code or active exploitation has been identified at time of analysis.
Authentication bypass in Garmin WDU v1 1.4.6 and v2 5.0 allows remote unauthenticated attackers to execute arbitrary commands via WebSocket API. The web interface implements client-side-only authentication while the WebSocket backend enforces no authentication, enabling complete bypass by directly accessing remote APIs. With CVSS 7.3 (AV:N/AC:L/PR:N) but only 0.03% EPSS probability, this represents a critical design flaw in deployed devices rather than actively exploited widespread threat. No public exploit identified at time of analysis.
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3.
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3.
GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to job data.
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release therefore remains exploitable by the PoC published with the original advisory. This vulnerability is fixed in 7.3.1.
The MonsterInsights - Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and including, 10.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve live Google OAuth access tokens and reset Plugins's Google Ads integration.
## Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/ ## Summary SillyTavern accepts `Remote-User` (Authelia) and `X-Authentik-Username` (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when `sso.autheliaAuth: true` or `sso.authentikAuth: true` is set in `config.yaml` (both default to `false`). ### Detials SillyTavern implements header-based SSO for Authelia and Authentik. When enabled, the `tryAutoLogin` function (called on every request to `/login`) invokes `headerUserLogin`, which reads an HTTP header set by the upstream proxy and automatically creates an authenticated session for the matching user: `src/users.js:779-801`: ```js async function headerUserLogin(request, header = 'Remote-User') { if (!request.session) { return false; } const remoteUser = request.get(header); // reads any header from any client if (!remoteUser) { return false; } const userHandles = await getAllUserHandles(); for (const userHandle of userHandles) { if (remoteUser.toLowerCase() === userHandle) { const user = await storage.getItem(toKey(userHandle)); if (user && user.enabled) { request.session.handle = userHandle; return true; } } } return false; } ``` `request.get(header)` is Express's wrapper for `req.headers[name.toLowerCase()]`. Express does not distinguish between headers set by a trusted upstream proxy and headers injected by the end client. Without an IP allowlist check, any client can set `Remote-User: ` and receive an authenticated session cookie. ### User Enumeration Pre-Condition The `/api/users/list` endpoint is registered before `requireLoginMiddleware` in `src/server-main.js:236`, making it publicly accessible without authentication: `src/server-main.js:236,239`: ```js app.use('/api/users', usersPublicRouter); // line 236 (public) app.use(requireLoginMiddleware); // line 239 (auth gate) ``` `src/endpoints/users-public.js:26-57`: ```js router.post('/list', async (_request, response) => { if (DISCREET_LOGIN) { return response.sendStatus(204); } const users = await storage.values(x => x.key.startsWith(KEY_PREFIX)); return response.json(viewModels); // returns handle, name, avatar, admin, password flags }); ``` This allows an attacker to enumerate all user handles (including admin handles) without any prior credentials. ## PoC ```bash TARGET="http://localhost:8000" # enumerate users curl -s -X POST "$TARGET/api/users/list" -H "Content-Type: application/json" -d '{}' # inject Remote-User header, receive authsession curl -s -L \ -H "Remote-User: admin-user" \ -c /tmp/st-session.txt \ "$TARGET/login" # obtain CSRF token, call admin API TOKEN=$(curl -s -b /tmp/st-session.txt "$TARGET/csrf-token" | python3 -c "import sys,json; print(json.load(sys.stdin)['token'])") curl -s -X POST "$TARGET/api/users/admin/get" \ -H "Content-Type: application/json" \ -H "X-CSRF-Token: $TOKEN" \ -b /tmp/st-session.txt \ -d '{}' ``` --- ## Impact An account takeover, allowing an attacker to do anything a legitimately authorized user can do.
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header, without verifying that it matches the actual requested URI. This allows an attacker who possesses any valid digest response (computed for URI-A) to authenticate requests to a completely different protected URI (URI-B), bypassing per-resource access control. This vulnerability is fixed in 3.3.8.
Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user.
Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can create workflows with execute nodes or agent subWorkflowIds pointing to victim workflow UUIDs to load and execute those workflows under attacker-controlled execution paths, exposing victim workflow outputs and triggering workflow nodes with unintended side effects.
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk enforces that the client sends readonly=true (matching the session value), but no event handler checks the readonly value before performing write operations. The flag only controls client-side UI elements (disabling buttons) and response metadata (write: 0, locked: 1). An attacker who sends requests directly (bypassing the UI) can perform all file operations despite readonly=true. This vulnerability is fixed in 4.08.010.
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch - ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing.] are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full server permissions. An unauthenticated network attacker who knows or guesses a document ID could connect to the document sync WebSocket and read or modify document contents without a valid document token. This vulnerability is fixed in 0.9.7.
A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to maintain unauthorized access even after the account has been disabled.
A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device.
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Unauthenticated attackers can modify or delete arbitrary user notification records in Devolutions Server due to missing session validation in notification management endpoints. The vulnerability affects Devolutions Server 2025.3.19.0 and earlier, plus versions 2026.1.6.0 through 2026.1.15.0. CVSS 4.3 indicates low-to-moderate risk, but the EPSS percentile of 4% suggests this is not a high-priority target for automated exploitation despite the authentication bypass tag.
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker still needs the user's password to reach this stage. This vulnerability is fixed in 1.16.3.
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entry is attacker-controlled - X-Forwarded-For is append-only, so the leftmost value is whatever the original HTTP client claimed. By sending a spoofed local IP in the header, an unauthenticated remote attacker passes the trusted-network check and is logged in as the Cleanuparr administrator. This vulnerability is fixed in 2.9.10.
mem0 1.0.0 server accepts unauthenticated POST requests to the /memories endpoint, allowing remote attackers to inject arbitrary memory records without identity verification or authorization checks. This authentication bypass enables data pollution and unauthorized modification of the memory database with spoofed entries. EPSS exploitation probability is low (0.05th percentile), and no active exploitation has been confirmed, but the vulnerability is automatable and affects default configurations.
Unauthenticated deletion of arbitrary memory records in mem0 1.0.0 allows remote attackers to remove any database entry without credentials, causing unauthorized data loss and potential denial of service. The DELETE /memories/{memory_id} endpoint completely lacks authentication and authorization controls, exposing all memory records to deletion by any network-accessible attacker. No public exploit code has been identified, but the vulnerability is trivial to exploit given the straightforward API design.
mem0 1.0.0 server allows unauthenticated remote attackers to trigger memory reset and table re-creation via unprotected DELETE /memories endpoint, causing schema disruption, data loss, and denial of service. The vulnerability exploits missing authentication and authorization controls on a database management operation accessible over the network without credentials.
Insufficient ownership checks in `clientarea.php` allow an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's resources and their cPanel account.
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: ["https://*/*"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1.
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
Windows Event Logging Service privilege escalation allows local authenticated attackers with low-level privileges to gain SYSTEM-level control across Windows 10, Windows 11, and Windows Server 2012+ environments. The vulnerability requires no user interaction and has low attack complexity (AC:L), making exploitation straightforward once initial access is obtained. Microsoft has released patches via their March 2026 security updates, and exploitation requires only standard user credentials on vulnerable systems. CVSS 7.8 HIGH severity with complete compromise of confidentiality, integrity, and availability upon successful exploitation.
Incorrect Authorization in Palo Alto Networks Trust Protection Foundation allows adjacent-network unauthenticated attackers to bypass access controls and perform unauthorized actions against restricted resources. Affected version branches include 24.1.x, 24.3.x, 25.1.x, and 25.3.x, with fixed builds available from Palo Alto Networks. No public exploit identified at time of analysis, EPSS sits at the 1st percentile (0.01%), and SSVC rates exploitation as none - but the high availability impact component (VA:H in CVSS 4.0) on vulnerable systems makes patching a priority for organizations with exposed deployments.
Local privilege escalation in Palo Alto Networks Prisma Access Agent (all versions prior to 26.2.1) allows any locally authenticated non-administrative user to elevate to root on macOS and Linux, or NT AUTHORITY\SYSTEM on Windows, by exploiting a flawed privilege management mechanism. Successful exploitation grants full control of the affected endpoint, enabling arbitrary code execution and unauthorized access to data restricted to privileged accounts. No public exploit exists and the vulnerability is absent from CISA KEV; however, SSVC rates technical impact as total, making patching a meaningful priority for multi-user and enterprise endpoint environments.
Authorization bypass in Palo Alto Networks Prisma Access Agent's Endpoint DLP component permits a locally authenticated attacker with low privileges to circumvent authentication controls and invoke privileged operations. Affected are all Prisma Access Agent versions prior to 26.2.1, with full confidentiality, integrity, and availability impact on the vulnerable component confirmed by the CVSS:4.0 vector (VC:H/VI:H/VA:H). No active exploitation has been identified - SSVC marks exploitation as 'none', EPSS sits at the 1st percentile, and the CVSS exploit maturity is rated 'Unreported' (E:U).
Improper certificate validation in Palo Alto Networks GlobalProtect App exposes macOS and Android users to adversary-in-the-middle attacks from locally adjacent network positions, enabling traffic interception and malicious software installation. The flaw allows an unauthenticated attacker on the same subnet - or a local non-administrative OS user - to redirect encrypted VPN communications to a rogue server by bypassing TLS certificate checks. No public exploit has been identified at time of analysis, EPSS is effectively zero, and CISA SSVC rates exploitation as none, though the high confidentiality and integrity impact on the vulnerable component warrants prompt patching on affected platforms.
Unauthenticated access to an exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform allows remote attackers to read sensitive operational data including application metrics and health status without any credentials. All versions of the platform prior to 26.03 are affected. The CVSS vector (PR:N/AC:L) confirms no authentication is required and exploitation is straightforward; however, EPSS at 0.01% (1st percentile) and SSVC exploitation status of 'none' indicate no public exploit or active targeting observed at time of analysis.
Authentication bypass in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS allows remote attackers to establish unauthorized VPN connections without valid credentials. The flaw is confirmed actively exploited (CISA KEV) and publicly available exploit code exists, though EPSS remains low at 0.05%, suggesting targeted rather than mass exploitation. Panorama and Cloud NGFW deployments are not affected, but PAN-OS firewalls and Prisma Access tenants running vulnerable trains are exposed.
Policy bypass in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to circumvent access and data control policies via a race condition, potentially exposing restricted data with high confidentiality impact to the vulnerable system. Affected versions span all releases prior to 146.16.6.165, per EUVD-2026-30087 and vendor advisory. No active exploitation is confirmed - the vulnerability is absent from CISA KEV, EPSS sits at 0.01% (3rd percentile), and SSVC assessment categorizes exploitation status as none - indicating this is a low-urgency but architecturally meaningful trust boundary weakness in an enterprise browser control product.
Local privilege escalation in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non-admin user to access an internal automation bridge that was insufficiently restricted, enabling unauthorized commands to be sent to the browser and bypassing built-in security controls. The flaw is tracked as CVE-2026-0237 with a CVSS 4.0 score of 7.3 and no public exploit identified at time of analysis, though SSVC rates the technical impact as total.
Authentication bypass in Palo Alto Networks PAN-OS allows unauthenticated network attackers to circumvent authentication controls when the Cloud Authentication Service (CAS) feature is enabled, with the highest risk when CAS is bound to the management interface. The flaw affects PA-Series and VM-Series firewalls as well as Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are not impacted. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability low at 0.08%, but the high-value target profile and CWE-347 (Improper Verification of Cryptographic Signature) class - combined with the 'Jwt Attack' tag - warrant prompt patching.
U-SPEED AC1200 Gigabit Wi-Fi Router Model T18-21K V1.0 exposes an unauthenticated UART serial interface that grants unrestricted access to device functionality upon physical connection. An attacker with physical access to the exposed UART pins can bypass all authentication and authorization controls to gain full device compromise. EPSS exploitation probability is low (0.03%), reflecting the physical access requirement, though the impact of successful exploitation is severe (confidentiality, integrity, and availability compromise).
Authorization bypass in SiYuan note-taking platform versions up to and including v3.6.5 allows publish-mode Readers (anonymous visitors) and read-only Editors to invoke eight state-mutating APIs that are missing CheckAdminRole and CheckReadonly middleware. Attackers with only basic CheckAuth (including unauthenticated publish visitors) can rewrite the workspace conf.json, manipulate cloud sync intervals, overwrite graph configuration, poison the SQL block index, and tamper with the admin's recent-documents list. No public exploit identified at time of analysis, but a detailed PoC accompanies the advisory and EPSS sits at 0.04% (12th percentile).
Unauthenticated Solr streaming expression injection in Goobi viewer Core (versions 4.8.0 through 26.04) allows remote attackers to fully read, modify, or delete the backend Solr index by posting arbitrary expressions to the `/api/v1/index/stream` endpoint. No public exploit identified at time of analysis, but the vulnerability is trivially exploitable with CVSS 9.8 and bypasses access-condition protections such as moving walls and licence restrictions. EPSS is currently low (0.04%) reflecting the niche audience rather than technical difficulty.
Broken access control in SiYuan's publish-service API allows authenticated RoleReader principals to enumerate workspace metadata from notebooks explicitly marked as private or publish-ignored. Four search endpoints - `/api/search/searchTag`, `/api/search/searchAsset`, `/api/search/searchWidget`, and `/api/search/searchTemplate` - pass the `CheckAuth` middleware that a publish-service RoleReader JWT satisfies, but never apply the `IsReadOnlyRoleContext` filtering logic that sibling endpoints in the same file correctly implement, returning unscoped global workspace results. A proof-of-concept exploit exists per SSVC assessment and is documented in the advisory; the vulnerability is not currently listed in CISA KEV.
Broken access control in SiYuan's `/api/tag/getTag` endpoint (versions prior to 3.7.0) allows any authenticated low-privilege user - including publish-service `RoleReader` accounts and `RoleEditor` accounts on read-only workspaces - to mutate the global `Conf.Tag.Sort` configuration value and trigger a full rewrite of the workspace `conf.json` file. The handler silently executes a privileged write operation (`model.Conf.Save()`) when a `sort` argument is present, despite the endpoint being registered with only `model.CheckAuth` middleware, omitting the `model.CheckAdminRole` and `model.CheckReadonly` guards that sibling write endpoints correctly enforce. Publicly available exploit code exists per SSVC assessment, though no active exploitation has been confirmed (not in CISA KEV; EPSS 0.03%).
Nautobot's REST API fails to enforce user 'view' permissions when resolving GenericForeignKey references during object creation or update, allowing authenticated users to create cross-object associations to records they are explicitly denied access to view. Any Nautobot user holding write access to an affected model - including ImageAttachment, Cable, Note, ContactAssociation, and over a dozen others - can link those records to restricted objects (e.g., Devices) if they know the target's UUID through any side channel. No public exploit has been identified and this vulnerability is not listed in CISA KEV; EPSS of 0.02% (6th percentile) reflects low probability of automated exploitation, though the authorization bypass is straightforward once credentials and a target UUID are in hand.
Unauthorized write access to Traefik's live dynamic configuration is achievable by a low-privileged Kubernetes tenant in shared Gateway deployments, because the Gateway API provider's `isInternalService()` check accepts any `TraefikService` name ending in `@internal` - not exclusively the intended `api@internal`. This allows a tenant with `HTTPRoute` creation rights to route external traffic to `rest@internal`, fully bypassing the `providers.rest.insecure=false` safeguard and gaining `PUT /api/providers/rest` write access. No active exploitation is confirmed (not in CISA KEV, EPSS at 0.01%), but a detailed proof-of-concept is published in the GHSA advisory and the SSVC framework marks the attack as automatable for tenants meeting the prerequisites.
A race condition in the Linux kernel's sched_ext BPF scheduler subsystem allows a local low-privileged user to permanently hang the system when sched_ext is actively loaded. Between scx_claim_exit() atomically marking error exit and the subsequent kick of the helper kthread, a preemption window exists where the BPF scheduler - now with error handling disabled - may fail to reschedule the calling task, leaving the helper work permanently unqueued. The result is bypass mode never activating, task dispatching halting, and a complete system wedge. No public exploit has been identified and EPSS sits at 0.02% (5th percentile), but the availability impact is total for affected systems running a custom BPF scheduler.
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NGINX Plus and NGINX Open Source configured with the HTTP/3 QUIC module allows unauthenticated remote attackers to spoof source IP addresses, enabling bypass of authorization checks and rate-limiting controls. The vulnerability affects both commercial and open-source variants when QUIC is explicitly enabled, with patches available from F5.
Authenticated administrators in F5 BIG-IP Appliance mode can bypass configuration restrictions designed to prevent system-level access. Administrators with the 'Administrator' role can circumvent Appliance mode lockdown controls, potentially modifying underlying system configurations that should be protected in this deployment mode. Vendor patch available per F5 Security Advisory K000160876. CVSS 8.5 reflects high confidentiality/integrity impact despite requiring privileged authentication.
Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options.
Authenticated subscribers can bypass authorization gates and forcibly join any ProfileGrid group - including closed, paid, or restricted groups - through a missing capability check in the pm_invite_user function. Affects all ProfileGrid plugin versions up to 5.9.8.4. The vulnerability enables low-privilege users to circumvent membership restrictions and payment requirements, potentially exposing premium content and private community spaces. EPSS data not provided; no CISA KEV listing identified, indicating no confirmed widespread exploitation at time of analysis. CVSS 7.1 reflects high integrity impact due to authorization bypass capabilities.
Authentication bypass in ProfileGrid - User Profiles, Groups and Communities WordPress plugin up to version 5.9.8.4 allows authenticated Subscriber-level users to modify site-wide group settings through unprotected AJAX actions (pm_set_group_order, pm_set_group_items, pm_set_field_order). Attackers can alter group menu order, list order, icon display, and field ordering without authorization checks. No public exploit code or active exploitation has been identified; CVSS 4.3 (low-moderate severity) reflects limited impact scope to integrity without confidentiality or availability impact.
RTMKit Addons for Elementor plugin for WordPress allows authenticated attackers with Author-level access or higher to modify or reset site-wide widget configurations due to missing capability checks in the save_widget() and reset_all_widgets() functions. This privilege escalation vulnerability affects all versions up to 2.0.2 and enables unauthorized modification of widget data across the entire WordPress site, impacting site integrity and user experience.
Authenticated attackers with Subscriber-level access can modify the API key stored in the Hostinger Reach WordPress plugin (versions up to 1.3.8) due to missing capability checks in the AJAX handler, but only when the plugin is not yet connected to a site and the database contains no existing API key. The vulnerability allows unauthorized data modification via the 'hostinger_reach_connection_notice_action' action with CVSS 5.3 (network-accessible, high integrity impact, but requiring low-privilege authentication and non-standard conditions).
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.
Authenticated instructors in Tutor LMS versions up to 3.9.9 can manipulate course ownership logic via an attacker-controlled GET parameter to perform unauthorized operations on other instructors' courses, including deleting lessons, quizzes, assignments, and student data, or modifying course content and grades. The vulnerability stems from the `get_course_id_by()` function unconditionally trusting user-supplied input instead of validating course ownership, bypassing the plugin's primary authorization gate. No public exploit code or active exploitation has been identified at time of analysis.
Unauthenticated attackers can retrieve any support ticket content from the ilGhera Support System for WooCommerce plugin (versions up to 1.3.0) by exploiting a missing capability check in the 'get_ticket_content_callback' function, exposing sensitive customer data and private communications without authentication. The vulnerability requires only a valid ticket ID and network access, with no active public exploitation confirmed at time of analysis, but the low attack complexity and unauthenticated nature make it practically exploitable against any WordPress site running the affected plugin.
Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to 8.9.0 allows authenticated attackers to delete any user's published and scheduled social media post records due to missing ownership verification in the deleteUserPublishPost() and deleteUserSchedPost() functions. Attackers can supply arbitrary sequential post IDs to permanently soft-delete other users' B2S post records, disrupting content publishing workflows across multiuser WordPress installations. This vulnerability requires valid WordPress user authentication but no elevated privileges.
Broadstreet WordPress plugin up to version 1.53.1 allows authenticated attackers with Subscriber-level access to create advertisers via missing capability checks on the create_advertiser AJAX action, enabling privilege escalation and unauthorized modification of advertising data.
Unauthenticated attackers can manipulate product prices in WooCommerce carts via an unprotected AJAX action in the Cost Calculator Builder plugin for WordPress (versions up to 4.0.1) when used with Cost Calculator Builder PRO. The vulnerability stems from the ccb_woocommerce_payment AJAX endpoint being registered without authentication requirements (wp_ajax_nopriv) and failing to validate user input before passing it to checkout initialization, allowing price modification without authorization. This is an Insecure Direct Object Reference (IDOR) flaw with moderate CVSS score (5.3) that enables integrity violations but not confidentiality breaches or availability impact.
OpenLearnX versions prior to 2.0.4 contain a critical authentication bypass vulnerability caused by disabled JWT signature verification, enabling unauthenticated attackers to gain unauthorized access to user accounts. The vulnerability has been patched in version 2.0.4. No public exploit code or active exploitation has been identified at time of analysis.
Authentication bypass in Garmin WDU v1 1.4.6 and v2 5.0 allows remote unauthenticated attackers to execute arbitrary commands via WebSocket API. The web interface implements client-side-only authentication while the WebSocket backend enforces no authentication, enabling complete bypass by directly accessing remote APIs. With CVSS 7.3 (AV:N/AC:L/PR:N) but only 0.03% EPSS probability, this represents a critical design flaw in deployed devices rather than actively exploited widespread threat. No public exploit identified at time of analysis.
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3.
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3.
GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to job data.
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release therefore remains exploitable by the PoC published with the original advisory. This vulnerability is fixed in 7.3.1.
The MonsterInsights - Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and including, 10.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve live Google OAuth access tokens and reset Plugins's Google Ads integration.
## Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/ ## Summary SillyTavern accepts `Remote-User` (Authelia) and `X-Authentik-Username` (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when `sso.autheliaAuth: true` or `sso.authentikAuth: true` is set in `config.yaml` (both default to `false`). ### Detials SillyTavern implements header-based SSO for Authelia and Authentik. When enabled, the `tryAutoLogin` function (called on every request to `/login`) invokes `headerUserLogin`, which reads an HTTP header set by the upstream proxy and automatically creates an authenticated session for the matching user: `src/users.js:779-801`: ```js async function headerUserLogin(request, header = 'Remote-User') { if (!request.session) { return false; } const remoteUser = request.get(header); // reads any header from any client if (!remoteUser) { return false; } const userHandles = await getAllUserHandles(); for (const userHandle of userHandles) { if (remoteUser.toLowerCase() === userHandle) { const user = await storage.getItem(toKey(userHandle)); if (user && user.enabled) { request.session.handle = userHandle; return true; } } } return false; } ``` `request.get(header)` is Express's wrapper for `req.headers[name.toLowerCase()]`. Express does not distinguish between headers set by a trusted upstream proxy and headers injected by the end client. Without an IP allowlist check, any client can set `Remote-User: ` and receive an authenticated session cookie. ### User Enumeration Pre-Condition The `/api/users/list` endpoint is registered before `requireLoginMiddleware` in `src/server-main.js:236`, making it publicly accessible without authentication: `src/server-main.js:236,239`: ```js app.use('/api/users', usersPublicRouter); // line 236 (public) app.use(requireLoginMiddleware); // line 239 (auth gate) ``` `src/endpoints/users-public.js:26-57`: ```js router.post('/list', async (_request, response) => { if (DISCREET_LOGIN) { return response.sendStatus(204); } const users = await storage.values(x => x.key.startsWith(KEY_PREFIX)); return response.json(viewModels); // returns handle, name, avatar, admin, password flags }); ``` This allows an attacker to enumerate all user handles (including admin handles) without any prior credentials. ## PoC ```bash TARGET="http://localhost:8000" # enumerate users curl -s -X POST "$TARGET/api/users/list" -H "Content-Type: application/json" -d '{}' # inject Remote-User header, receive authsession curl -s -L \ -H "Remote-User: admin-user" \ -c /tmp/st-session.txt \ "$TARGET/login" # obtain CSRF token, call admin API TOKEN=$(curl -s -b /tmp/st-session.txt "$TARGET/csrf-token" | python3 -c "import sys,json; print(json.load(sys.stdin)['token'])") curl -s -X POST "$TARGET/api/users/admin/get" \ -H "Content-Type: application/json" \ -H "X-CSRF-Token: $TOKEN" \ -b /tmp/st-session.txt \ -d '{}' ``` --- ## Impact An account takeover, allowing an attacker to do anything a legitimately authorized user can do.
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header, without verifying that it matches the actual requested URI. This allows an attacker who possesses any valid digest response (computed for URI-A) to authenticate requests to a completely different protected URI (URI-B), bypassing per-resource access control. This vulnerability is fixed in 3.3.8.
Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user.
Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can create workflows with execute nodes or agent subWorkflowIds pointing to victim workflow UUIDs to load and execute those workflows under attacker-controlled execution paths, exposing victim workflow outputs and triggering workflow nodes with unintended side effects.
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk enforces that the client sends readonly=true (matching the session value), but no event handler checks the readonly value before performing write operations. The flag only controls client-side UI elements (disabling buttons) and response metadata (write: 0, locked: 1). An attacker who sends requests directly (bypassing the UI) can perform all file operations despite readonly=true. This vulnerability is fixed in 4.08.010.
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch - ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing.] are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full server permissions. An unauthenticated network attacker who knows or guesses a document ID could connect to the document sync WebSocket and read or modify document contents without a valid document token. This vulnerability is fixed in 0.9.7.
A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to maintain unauthorized access even after the account has been disabled.
A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device.
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Unauthenticated attackers can modify or delete arbitrary user notification records in Devolutions Server due to missing session validation in notification management endpoints. The vulnerability affects Devolutions Server 2025.3.19.0 and earlier, plus versions 2026.1.6.0 through 2026.1.15.0. CVSS 4.3 indicates low-to-moderate risk, but the EPSS percentile of 4% suggests this is not a high-priority target for automated exploitation despite the authentication bypass tag.
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker still needs the user's password to reach this stage. This vulnerability is fixed in 1.16.3.
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entry is attacker-controlled - X-Forwarded-For is append-only, so the leftmost value is whatever the original HTTP client claimed. By sending a spoofed local IP in the header, an unauthenticated remote attacker passes the trusted-network check and is logged in as the Cleanuparr administrator. This vulnerability is fixed in 2.9.10.
mem0 1.0.0 server accepts unauthenticated POST requests to the /memories endpoint, allowing remote attackers to inject arbitrary memory records without identity verification or authorization checks. This authentication bypass enables data pollution and unauthorized modification of the memory database with spoofed entries. EPSS exploitation probability is low (0.05th percentile), and no active exploitation has been confirmed, but the vulnerability is automatable and affects default configurations.
Unauthenticated deletion of arbitrary memory records in mem0 1.0.0 allows remote attackers to remove any database entry without credentials, causing unauthorized data loss and potential denial of service. The DELETE /memories/{memory_id} endpoint completely lacks authentication and authorization controls, exposing all memory records to deletion by any network-accessible attacker. No public exploit code has been identified, but the vulnerability is trivial to exploit given the straightforward API design.
mem0 1.0.0 server allows unauthenticated remote attackers to trigger memory reset and table re-creation via unprotected DELETE /memories endpoint, causing schema disruption, data loss, and denial of service. The vulnerability exploits missing authentication and authorization controls on a database management operation accessible over the network without credentials.
Insufficient ownership checks in `clientarea.php` allow an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's resources and their cPanel account.
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: ["https://*/*"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1.
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
Windows Event Logging Service privilege escalation allows local authenticated attackers with low-level privileges to gain SYSTEM-level control across Windows 10, Windows 11, and Windows Server 2012+ environments. The vulnerability requires no user interaction and has low attack complexity (AC:L), making exploitation straightforward once initial access is obtained. Microsoft has released patches via their March 2026 security updates, and exploitation requires only standard user credentials on vulnerable systems. CVSS 7.8 HIGH severity with complete compromise of confidentiality, integrity, and availability upon successful exploitation.