Authentication Bypass
Authentication bypass attacks exploit flaws in the verification mechanisms that control access to systems and applications.
How It Works
Instead of cracking passwords through brute force, attackers manipulate the authentication process itself to gain unauthorized entry. This typically occurs through one of several pathways: exploiting hardcoded credentials embedded in source code or configuration files, manipulating parameters in authentication requests to skip verification steps, or leveraging broken session management that fails to properly validate user identity.
The attack flow often begins with reconnaissance to identify authentication endpoints and their underlying logic. Attackers may probe for default administrative credentials that were never changed, test whether certain URL paths bypass login requirements entirely, or intercept and modify authentication tokens to escalate privileges. In multi-step authentication processes, flaws in state management can allow attackers to complete only partial verification steps while still gaining full access.
More sophisticated variants exploit single sign-on (SSO) or OAuth implementations where misconfigurations in trust relationships allow attackers to forge authentication assertions. Parameter tampering—such as changing a "role=user" field to "role=admin" in a request—can trick poorly designed systems into granting elevated access without proper verification.
Impact
- Complete account takeover — attackers gain full control of user accounts, including administrative accounts, without knowing legitimate credentials
- Unauthorized data access — ability to view, modify, or exfiltrate sensitive information including customer data, financial records, and intellectual property
- System-wide compromise — admin-level access enables installation of backdoors, modification of security controls, and complete infrastructure takeover
- Lateral movement — bypassed authentication provides a foothold for moving deeper into networks and accessing additional systems
- Compliance violations — unauthorized access triggers breach notification requirements and regulatory penalties
Real-World Examples
CrushFTP suffered a critical authentication bypass allowing attackers to access file-sharing functionality without any credentials. The vulnerability enabled direct server-side template injection, leading to remote code execution on affected systems. Attackers actively exploited this in the wild to establish persistent access to enterprise file servers.
Palo Alto's Expedition migration tool contained a flaw permitting attackers to reset administrative credentials without authentication. This allowed complete takeover of the migration environment, potentially exposing network configurations and security policies being transferred between systems.
SolarWinds Web Help Desk (CVE-2024-28987) shipped with hardcoded internal credentials that could not be changed through normal administrative functions. Attackers discovering these credentials gained full administrative access to helpdesk systems containing sensitive organizational information and user data.
Mitigation
- Implement multi-factor authentication (MFA) — requires attackers to compromise additional verification factors beyond bypassed primary authentication
- Eliminate hardcoded credentials — use secure credential management systems and rotate all default credentials during deployment
- Enforce authentication on all endpoints — verify every request requires valid authentication; no "hidden" administrative paths should exist
- Implement proper session management — use cryptographically secure session tokens, validate on server-side, enforce timeout policies
- Apply principle of least privilege — limit damage by ensuring even authenticated users only access necessary resources
- Regular security testing — conduct penetration testing specifically targeting authentication logic and flows
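The parameter-tampering and partial-verification pathways from "How It Works", and the server-side validation the mitigation list calls for, as an added example (not code from the page or from any product it names). The endpoint, session store and account table are constructed for the illustration.

```javascript
// Added example: two handlers for a hypothetical "get account" endpoint. The
// vulnerable one trusts a "role" field supplied by the client and treats the
// session as logged in as soon as the password step has run; the hardened one
// derives role and login state from server-side session records only.

// Constructed server-side session store: sessionId -> state written by the server.
const SESSIONS = new Map([
  ["s-alice", { user: "alice", role: "user", passwordOk: true, mfaOk: true }],
  ["s-bob",   { user: "bob",   role: "user", passwordOk: true, mfaOk: false }],
]);

// Constructed resource table: account name -> data.
const ACCOUNTS = { alice: "alice-data", bob: "bob-data", admin: "admin-data" };

// Vulnerable: the client's "role" field overrides the server's view of the
// user, and only the first verification step (password) is checked.
function getAccountVulnerable(req) {
  const s = SESSIONS.get(req.cookies.session);
  if (!s || !s.passwordOk) return { status: 401 };
  const role = req.body.role || s.role;      // tampering point: body role=admin wins
  if (req.params.account !== s.user && role !== "admin") return { status: 403 };
  return { status: 200, data: ACCOUNTS[req.params.account] };
}

// Hardened: role and completion of every verification step come from the
// session record; nothing in the request body can influence them.
function getAccountHardened(req) {
  const s = SESSIONS.get(req.cookies.session);
  if (!s || !s.passwordOk || !s.mfaOk) return { status: 401 };
  const role = s.role;                        // request body is ignored for authority
  if (req.params.account !== s.user && role !== "admin") return { status: 403 };
  return { status: 200, data: ACCOUNTS[req.params.account] };
}

// Constructed request object in the shape both handlers expect.
function request(session, account, body = {}) {
  return { cookies: { session }, params: { account }, body };
}
```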
Recent CVEs (7468)
Unauthenticated access to diagnostic endpoints in the Sage DPW 2025_06_004 Database Monitor feature discloses sensitive information, including password hashes and database table names, when a non-default configuration is enabled. The vulnerability affects only installations with this feature explicitly enabled (it is disabled by default); Sage DPW Cloud is not vulnerable. This configuration was forcibly disabled in version 2025_06_003, indicating a prior history of this issue. The EPSS score of 5.9 reflects a moderate exploitation probability despite unauthenticated network accessibility.
Mbed TLS versions 3.5.0 through 4.0.0 allow client impersonation during TLS 1.3 session resumption, enabling an attacker to assume the identity of a legitimate client when reestablishing a previously negotiated session. The vulnerability affects the session resumption mechanism in TLS 1.3 and permits information disclosure; no CVSS score or exploit status data is currently available from public sources.
Flask-HTTPAuth versions prior to 4.8.1 allow authentication bypass when applications store empty string tokens in their user database, enabling unauthenticated attackers to authenticate as any user with an empty token set by submitting requests without a token or with an empty token value. This affects only token-based authentication mechanisms that verify tokens via database lookup rather than cryptographic means (e.g., JWTs). CVSS score 6.5 reflects moderate integrity impact with low computational attack complexity, and no public exploit code has been identified at the time of analysis.
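The empty-token lookup pattern described above, as an added example that is not Flask-HTTPAuth's code: a token-to-user database that happens to contain an empty-string token, checked first by a lookup that accepts whatever was sent, then by one that refuses empty or missing tokens before any lookup. The database contents and header handling are constructed.

```javascript
// Added example (constructed): database-lookup token authentication with one
// record whose token is the empty string, which is the trigger the advisory describes.

// Constructed "database": token -> username.
const TOKEN_DB = new Map([
  ["tok-9f3a", "alice"],
  ["", "svc-account"],   // e.g. an account whose token was never provisioned
]);

// Pull the bearer token out of an Authorization header; absent or bare header -> "".
function extractToken(headers) {
  const h = headers["authorization"] || "";
  const m = /^Bearer\s*(.*)$/i.exec(h);
  return m ? m[1].trim() : "";
}

// Vulnerable: "" is a perfectly good map key, so a request with no token at all
// (or "Authorization: Bearer ") authenticates as svc-account.
function authenticateVulnerable(headers) {
  const token = extractToken(headers);
  return TOKEN_DB.get(token) || null;
}

// Fixed: empty tokens never reach the lookup, regardless of what the database holds.
function authenticateFixed(headers) {
  const token = extractToken(headers);
  if (!token) return null;
  return TOKEN_DB.get(token) || null;
}
```

The lookup-side guard is the library fix; an application should additionally refuse to store empty tokens in the first place, since a blank credential is never a valid one.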
Server-Side Request Forgery (SSRF) in FastMCP's OpenAPIProvider allows authenticated attackers to access arbitrary backend endpoints through path traversal injection in OpenAPI path parameters. The vulnerability arises from improper URL encoding in the RequestDirector._build_url() method, enabling attackers to escape intended API prefixes using '../' sequences and reach internal administrative or sensitive endpoints while inheriting the MCP provider's authentication context. This affects the fastmcp Python package and enables privilege escalation beyond the OpenAPI specification's intended API surface. No public exploit identified at time of analysis, though detailed proof-of-concept code exists in the GitHub advisory demonstrating traversal to /admin endpoints.
FastMCP OAuthProxy allows authentication bypass through a Confused Deputy attack, enabling attackers to hijack victim OAuth sessions and gain unauthorized access to MCP servers. When victims who previously authorized a legitimate MCP client are tricked into opening a malicious authorization URL, the OAuthProxy fails to validate browser-bound consent, redirecting valid authorization codes to attacker-controlled clients. This affects the GitHubProvider integration and potentially all OAuth providers that skip consent prompts for previously authorized applications. No public exploit identified at time of analysis, though detailed reproduction steps are publicly documented in the GitHub security advisory.
Unauthenticated information disclosure in SiYuan personal knowledge management system versions before 3.6.2 allows remote attackers to retrieve confidential content from password-protected documents via the publish service's bookmark API endpoint. The vulnerability bypasses document-level access controls by treating nil authentication contexts as authorized during bookmark filtering, exposing any bookmarked blocks without password verification. CVSS 7.5 (High) with network-based exploitation requiring no privileges or user interaction; no public exploit identified at time of analysis, though the security advisory provides detailed technical disclosure.
Improper access controls in D-Link DNS and DNR network-attached storage devices allow unauthenticated remote attackers on adjacent networks to access IPv6 configuration functions via the cgi_get_ipv6 function in /cgi-bin/network_mgr.cgi, potentially disclosing sensitive network configuration information. The vulnerability affects multiple D-Link models up to firmware version 20260205, publicly available exploit code exists, and the attack requires only network adjacency with low complexity.
WWBN AVideo versions 26.0 and prior allow authenticated uploaders to bypass content moderation by directly setting video status to active via an unvalidated overrideStatus parameter, circumventing admin-controlled review workflows. The vulnerability affects any user with upload permissions and has a CVSS score of 4.3 (low-to-moderate severity) with no public exploit code identified at time of analysis.
Authenticated users in WWBN AVideo 26.0 and prior can cancel arbitrary Stripe subscriptions through an exposed test.php debug endpoint in the StripeYPT plugin, exploiting a logic error in the retrieveSubscriptions() method that performs cancellation instead of retrieval. The vulnerability requires valid login credentials but allows any authenticated user, not just administrators, to trigger subscription cancellations, causing integrity violations to payment operations. No public exploit code or active exploitation has been reported at time of analysis, and vendor patches are not yet available.
Unauthenticated remote attackers can bypass CLI-only access controls in WWBN AVideo versions 26.0 and prior via a PHP operator precedence bug in install/deleteSystemdPrivate.php, allowing HTTP access to delete server temp directory files and disclose their contents without authentication. The vulnerability stems from a logic error in the expression !php_sapi_name() === 'cli': because ! binds more tightly than ===, it is evaluated as (!php_sapi_name()) === 'cli', which is always false, so the access guard never takes effect. No public exploit code or active exploitation has been reported at the time of this analysis.
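The precedence bug above reproduced in JavaScript, which gives unary ! higher precedence than === exactly as PHP does; this is an added example, not AVideo's code, and the SAPI names fed to it are constructed inputs.

```javascript
// Added example: the guard from the advisory as written, beside the intended one.

// Broken guard: "!sapi === 'cli'" parses as "(!sapi) === 'cli'". For any
// non-empty SAPI name, !sapi is false, and false === 'cli' is always false,
// so the deny branch is unreachable and every HTTP caller is let through.
function denyUnlessCliBroken(sapi) {
  if (!sapi === "cli") {
    return "denied";
  }
  return "allowed";
}

// Correct guard: compare first, then negate (written as !==).
function denyUnlessCliFixed(sapi) {
  if (sapi !== "cli") {
    return "denied";
  }
  return "allowed";
}

// Run both guards over the SAPI names a PHP install typically reports
// (constructed list), so the difference is visible side by side.
function compareGuards(sapis) {
  return sapis.map((s) => ({
    sapi: s,
    broken: denyUnlessCliBroken(s),
    fixed: denyUnlessCliFixed(s),
  }));
}
```

Linters catch this class of mistake (ESLint's no-unsafe-negation rule flags a negated operand of a comparison), which is the cheapest place to stop it before it reaches an access guard.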
WWBN AVideo 26.0 and prior exposes sensitive user data through 21 unauthenticated API endpoints via the CreatePlugin template generator. The list.json.php template lacks authentication checks present in its companion add.json.php and delete.json.php templates, allowing remote attackers to enumerate and retrieve user PII, payment logs, IP addresses, user agents, and internal system records without authentication. No vendor patch exists at time of analysis.
Unauthenticated attackers can remotely terminate any active live stream in WWBN AVideo 26.0 and prior by sending crafted POST requests to the on_publish_done.php endpoint in the Live plugin. The vulnerability combines two weaknesses: an unauthenticated stats.json.php endpoint that exposes active stream keys, and the on_publish_done.php RTMP callback handler that processes stream termination requests without authentication or authorization checks. This enables complete denial-of-service against all platform live streaming functionality. CVSS 7.5 (High) with network attack vector, low complexity, and no privileges required. No vendor-released patch identified at time of analysis; EPSS data not available.
Information disclosure in WWBN AVideo versions 26.0 and prior allows authenticated users to enumerate and dump the complete user database including personal information and wallet balances via the /plugin/YPTWallet/view/users.json.php endpoint. The vulnerability stems from inadequate authorization checks that verify user login status but fail to enforce administrator-only access, enabling any registered account holder to retrieve sensitive data belonging to all platform users. No public exploit code or active exploitation has been confirmed at time of analysis, and vendor patches are not yet available.
Unauthenticated remote access to restricted documents in Admidio 5.0.0-5.0.7 Docker deployments allows disclosure of role-protected files. The Docker image's Apache configuration disables .htaccess processing (AllowOverride None), bypassing intended access controls on uploaded documents. Attackers can directly retrieve files via HTTP without authentication using paths disclosed in upload response JSON. CVSS 7.5 (High) with network-based attack vector and no authentication required. No public exploit identified at time of analysis, though exploitation is straightforward given the configuration flaw.
PdfDing prior to version 1.7.1 permits authenticated users to bypass access controls on shared PDF documents by accessing content after expiration, view limits, or soft-deletion due to incomplete validation in the check_shared_access_allowed() function. The Serve and Download endpoints rely solely on session existence checks without verifying SharedPdf.inactive or SharedPdf.deleted flags, allowing previously-authorized users to retrieve sensitive content that should no longer be accessible. This authentication bypass affects all versions before 1.7.1 and requires valid authentication credentials to exploit.
Unauthenticated remote code execution in PX4 Autopilot via MAVLink protocol allows network attackers to execute arbitrary commands through SERIAL_CONTROL messages when message signing is disabled. The MAVLink 2.0 protocol in PX4 accepts unsigned messages by default, enabling any party with network access to the MAVLink interface to send interactive shell commands without cryptographic authentication. EPSS data not provided; no KEV status confirmed; reported by ICS-CERT indicating potential operational technology impact.
Parse Server versions prior to 8.6.71 and 9.7.1-alpha.1 allow HTTP Range requests to bypass the afterFind trigger and its validators when downloading files from streaming-capable storage adapters like GridFS, enabling unauthorized access to protected files that should be restricted by authentication or authorization logic. This authentication bypass affects all deployments using affected versions with file protection policies enforced via afterFind triggers.
Prototype pollution in Lodash 4.17.23 and earlier allows unauthenticated remote attackers to delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) via array-wrapped path segments in _.unset and _.omit functions, bypassing the incomplete fix for CVE-2025-13465. The vulnerability has a CVSS score of 6.5 with low integrity and availability impact; no public exploit code or active exploitation has been confirmed at time of analysis.
Anritsu MS27100A/MS27101A/MS27102A/MS27103A Remote Spectrum Monitors contain a design-level authentication bypass allowing unauthenticated remote attackers to fully access and manipulate the management interface. This is not a configuration weakness but an inherent architectural flaw (CWE-306: Missing Authentication) with CVSS 9.3 critical severity. No public exploit identified at time of analysis, but trivial exploitation is expected given the complete absence of authentication mechanisms. ICS-CERT advisory confirms the vulnerability affects operational technology environments.
Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-beta allow authenticated moderators to bypass category permission controls and retrieve post content, topic titles, and usernames from categories they lack authorization to access via a sentiment analytics endpoint. Patches are available (2026.1.3, 2026.2.2, 2026.3.0); no public exploit code or active exploitation has been identified.
Discourse versions 2026.1.0 through 2026.1.2, 2026.2.0 through 2026.2.1, and 2026.3.0-beta retain unauthorized poll interaction capabilities for users who have lost access to private topics, allowing them to vote on and toggle poll status despite removal from category group membership. While no topic content is exposed, the vulnerability permits state modification in topics to which access should have been revoked, violating the intended access control model. Patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available, and no public exploit code has been identified.
Category group moderators in Discourse versions 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-pre can perform privileged actions (such as topic moderation) on content within private categories to which they lack read access, bypassing intended access controls. This authenticated privilege escalation affects self-hosted and managed Discourse instances and has been resolved in versions 2026.1.3, 2026.2.2, and 2026.3.0+. No public exploit code or active exploitation has been reported at this time.
Authorization bypass in SciTokens C++ library (versions prior to 1.4.1) allows authenticated attackers to access unauthorized filesystem paths via flawed scope validation. The library's path-prefix matching does not enforce path-segment boundaries, enabling a token scoped to '/data/project1' to incorrectly authorize access to '/data/project10' or '/data/project1-backup'. CVSS 8.1 (High) reflects the significant confidentiality and integrity impact, though exploitation requires low-privilege authenticated access (PR:L). No public exploit identified at time of analysis, with EPSS data not available for this recent CVE. Vendor-released patch available in version 1.4.1.
In Sliver versions prior to 1.7.4, unauthenticated attackers can hijack all active C2 sessions and beacons through a single malicious link clicked by an operator, gaining immediate, silent control to exfiltrate collected intelligence or destroy compromised infrastructure. The vulnerability exploits browser-based interaction with the custom Wireguard netstack, bypassing authentication entirely via a user-interaction attack vector. This is a critical supply-chain risk for red teams and penetration testers relying on Sliver for command-and-control operations.
Parse Server versions prior to 8.6.70 and 9.7.0-alpha.18 allow authenticated users with find class-level permissions to bypass protectedFields restrictions on LiveQuery subscriptions by submitting array-like objects with numeric keys instead of proper arrays in $or, $and, or $nor operators. This enables information disclosure through a binary oracle attack that reveals whether protected fields match attacker-supplied values. The vulnerability requires prior authentication and find-level access but no user interaction, affecting all deployments of vulnerable Parse Server versions.
Authenticated users in Parse Server prior to versions 8.6.69 and 9.7.0-alpha.14 can bypass immutability protections on session fields by submitting null values in PUT requests to the session update endpoint, allowing indefinite session validity and circumventing configured session expiration policies. The vulnerability requires valid authentication credentials to exploit and has been patched in the specified versions.
Search Guard FLX versions 3.0.0 through 4.0.1 allow authenticated users with insufficient privileges to execute unauthorized management operations on data streams due to improper access control, enabling privilege escalation with high confidentiality and integrity impact. The CVSS score of 6.8 reflects network accessibility and moderate attack complexity, with active data stream manipulation possible after authentication. No public exploit code or confirmed active exploitation has been identified at this time.
Parse Server Cloud Function validator bypass allows unauthenticated remote attackers to execute protected server-side functions by exploiting prototype chain traversal. Attackers append 'prototype.constructor' to Cloud Function URLs to circumvent access controls (requireUser, requireMaster, custom validators), enabling unauthorized execution of backend business logic. Affects Parse Server versions prior to 8.6.67 and 9.7.0-alpha.11. No public exploit identified at time of analysis, though the attack vector is network-accessible with low complexity (CVSS:4.0 AV:N/AC:L/PR:N). The vulnerability stems from inconsistent prototype chain resolution between handler and validator stores (CWE-863: Incorrect Authorization).
WebSocket session fixation in OpenClaw before version 2026.3.28 enables attackers to maintain unauthorized access after credential revocation. The vulnerability permits unauthenticated remote attackers (CVSS PR:N) to exploit persistent WebSocket connections that fail to terminate when device tokens are revoked, resulting in high confidentiality impact. No public exploit identified at time of analysis, though the attack vector is network-accessible with low complexity. EPSS data not available; affects OpenClaw deployments with WebSocket-based device communication.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access by exploiting missing scope validation in the device pairing approval workflow. The /pair approve command fails to forward caller scopes during approval checks, enabling attackers with basic pairing privileges (or potentially none at all, given the CVSS PR:N vector) to approve device requests with elevated admin scopes. EPSS data not available; no public exploit identified at time of analysis, though the CVSS 9.8 reflects trivial exploitation due to network accessibility, low complexity, and no authentication barrier. Vendor-released patch: commit e403dec (2026.3.28+).
Authorization policy bypass in OpenClaw messaging extensions allows unauthenticated remote attackers to circumvent sender allowlist restrictions and interact with bots without authorization. The vulnerability affects OpenClaw versions prior to 2026.3.28, specifically impacting Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy during resolution. With CVSS 9.8 (critical severity, network-accessible, no authentication required) and EPSS data unavailable, this represents a significant access control failure. No public exploit identified at time of analysis, though the attack complexity is low and requires no user interaction.
Privilege escalation in OpenClaw versions prior to 2026.3.28 enables unauthenticated remote attackers to approve node pairings with unauthorized elevated scopes, bypassing authorization controls through missing callerScopes validation in the node pairing approval mechanism. This vulnerability (CWE-863: Incorrect Authorization) allows attackers to extend privileges onto paired nodes beyond their intended authorization level. CVSS 9.8 Critical with network-accessible attack vector requiring no authentication or user interaction. No public exploit identified at time of analysis, with EPSS data not available for this recent CVE.
Unauthenticated attackers can force OpenClaw versions before 2026.3.28 to download and store arbitrary media files through Zalo messaging channels, bypassing sender authorization checks. The flaw allows remote exploitation without authentication (CVSS 9.8 critical) to consume network bandwidth and storage resources. No public exploit identified at time of analysis, though the attack vector is straightforward given the lack of pre-validation authorization checks. Vendor-released patch available via commit 68ceaf7a5.
Nhost CLI MCP server before version 1.41.0 allows cross-origin requests without authentication when explicitly configured to listen on a network port, enabling malicious websites to invoke privileged tools using developer credentials. The vulnerability requires two explicit non-default configuration steps and does not affect the default configuration, significantly limiting real-world exposure.
Unauthenticated HTTP proxy abuse in FastGPT (AI Agent platform) prior to v4.14.9.5 allows remote attackers to relay arbitrary HTTP requests through the server. The /api/core/app/httpTools/runTool endpoint accepts user-controlled URLs, methods, headers, and body parameters without authentication, functioning as an open proxy for network pivoting, credential theft, and internal network reconnaissance. CVSS 10.0 (Critical) with network attack vector and no privileges required. No public exploit identified at time of analysis, though exploitation is trivial given the exposed endpoint design. EPSS data not available.
PowerDNS dnsdist allows unauthenticated DNS over HTTPS (DoH) queries to bypass access control lists when the early_acl_drop option is disabled on nghttp2 frontends, exposing the DNS resolver to unauthorized query submission and potential information disclosure. Affected versions include dnsdist across multiple releases where this configuration weakness exists; the vulnerability has a CVSS score of 6.5 and exposes both confidentiality and integrity concerns despite not affecting availability.
User Profile Builder plugin for WordPress up to version 3.15.5 allows authenticated users with subscriber-level privileges and above to reassign ownership of arbitrary posts and attachments through an insecure direct object reference (IDOR) in the wppb_save_avatar_value() function. The vulnerability lacks validation on user-controlled keys, enabling privilege escalation where low-privileged users can modify post_author fields to take control of content created by other users. No public exploit code or active exploitation has been identified at time of analysis.
Authorization bypass in OpenClaw's Microsoft Teams plugin allows unauthenticated remote attackers to circumvent sender allowlists and trigger replies in restricted Teams routes. Affecting OpenClaw versions before 2026.3.8, the flaw manifests when team/channel route allowlists contain empty groupAllowFrom parameters, causing the message handler to synthesize wildcard sender authorization instead of enforcing intended restrictions. No public exploit identified at time of analysis, though CVSS 7.5 reflects network-accessible exploitation with low complexity requiring no authentication. Vendor-released patch available in version 2026.3.8 with upstream commit 88aee916.
OpenClaw before version 2026.3.12 allows authenticated attackers to bypass rate limiting on webhook secret validation by exploiting a logic flaw that applies rate limits only after successful authentication, enabling brute-force attacks against webhook credentials and injection of forged Zalo webhook traffic. The vulnerability requires authenticated access but results in high-confidence credential compromise.
Authorization bypass in OpenClaw Microsoft Teams plugin (versions before 2026.3.8) permits unauthenticated attackers to circumvent sender allowlists when team/channel routes are configured with empty groupAllowFrom parameters. Remote attackers can exploit this network-accessible flaw with low complexity to trigger unauthorized message replies and access sensitive information in allowlisted Teams routes. EPSS and KEV data not available for this recent CVE; no public exploit identified at time of analysis.
Webhook secret brute-forcing in OpenClaw before 2026.3.12 enables attackers to forge authenticated webhooks by exploiting pre-authentication rate limit bypass. Unauthenticated remote attackers can systematically guess webhook secrets without triggering rate limiting (which only applies post-authentication), then submit forged webhook payloads to compromise system integrity and confidentiality. CVSS 9.8 (Critical) with network attack vector and no authentication required. No public exploit identified at time of analysis, though exploitation requires only standard HTTP tooling. EPSS data not available; exploitation appears automatable given the straightforward nature of brute-force attacks against webhook endpoints.
Sandbox escape in OpenClaw (before version 2026.3.11) allows local authenticated users to write arbitrary files outside validated directories via a TOCTOU race condition during staged file writes. The fs-bridge component fails to anchor temporary file operations to verified parent directories, enabling attackers to manipulate path aliases between validation and execution phases. CVSS 7.5 (High) reflects the local attack vector with high complexity, but scope change (S:C) indicates potential container/sandbox breakout. No public exploit identified at time of analysis, though the race condition vulnerability class (CWE-367) is well-understood by attackers.
OpenClaw before 2026.3.11 allows authenticated local attackers to bypass sandbox boundaries and write files outside validated paths via a time-of-check-time-of-use race condition in the fs-bridge writeFile commit operation. An attacker with local access and sufficient privileges can exploit unanchored container paths during file move operations to redirect committed files outside the sandbox, achieving arbitrary file write capabilities within the container mount namespace. No public exploit code or active exploitation has been confirmed.
OpenClaw before version 2026.3.11 allows authenticated users to bypass authorization restrictions and modify protected configuration on sibling accounts through channel commands, despite configWrites: false restrictions. An attacker with legitimate access to one account can execute /config set commands targeting another account's channel provider configuration, achieving unauthorized modification of settings across account boundaries. This vulnerability is neither actively exploited nor known to have public proof-of-concept code available.
OpenClaw before version 2026.3.11 allows local authenticated users to bypass local authentication boundaries through a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are incorrectly treated as unset, enabling fallback to remote credentials in local-only mode. The vulnerability requires local access and specific misconfiguration of auth references but can result in information disclosure if an attacker selects incorrect credential sources via CLI and helper paths. No public exploit code or active exploitation has been identified.
OpenClaw before 2026.3.8 allows authenticated remote attackers to bypass approval controls in the system.run function by obtaining approval for a script, modifying the approved script file before execution, and executing malicious content while preserving the approved command structure. This approval-execution window vulnerability enables privilege escalation and code execution with low complexity and no user interaction required. No public exploit code or active exploitation has been confirmed at the time of analysis.
Authorization bypass in OpenClaw 2026.3.7 through 2026.3.10 enables remote unauthenticated attackers to execute privileged gateway operations through plugin subagent routes. The vulnerability exploits synthetic operator clients with excessive administrative scopes, allowing attackers to delete sessions and execute agent commands without authentication. CVSS 7.7 (High) with network attack vector but high complexity (AC:H). No public exploit identified at time of analysis, though technical details are available via GitHub security advisory and VulnCheck analysis.
Insecure Direct Object Reference (IDOR) in 1millionbot Millie chat allows unauthenticated remote attackers to access other users' private chatbot conversations by manipulating conversation IDs in API requests to 'api.1millionbot.com/api/public/conversations/'. An attacker with knowledge of a target conversation ID can retrieve sensitive or confidential data without authentication. No public exploit code or active exploitation has been independently confirmed at the time of analysis.
Unauthenticated attackers can modify WooPayments plugin settings through a missing capability check in the 'save_upe_appearance_ajax' AJAX function, affecting all versions up to and including 10.5.1. This allows remote attackers to alter payment appearance configurations without authentication, potentially disrupting payment processing or customer experience. No public exploit code or active exploitation has been identified at time of analysis.
Unauthenticated attackers can directly access view PHP files in the Truebooker WordPress plugin (versions up to 1.1.4) to disclose sensitive information, such as user data or system configuration details exposed in those templates. The vulnerability requires only network access and no authentication, making it trivially exploitable via simple HTTP requests to exposed PHP files. No public exploit code or active exploitation has been confirmed at this time.
Authorization bypass in SciTokens library (versions prior to 1.9.6) allows authenticated users with valid tokens scoped to specific paths to access unintended sibling paths through flawed prefix-matching validation logic. An attacker with a token for '/john' can access '/johnathan' or '/johnny' due to incorrect string prefix validation in the Enforcer component, enabling unauthorized data access and modification (CVSS 8.1, High integrity/confidentiality impact). No public exploit identified at time of analysis, though the vulnerability is straightforward to exploit with valid credentials (EPSS data not provided, CVSS complexity rated Low).
baserCMS versions prior to 5.2.3 allow unauthenticated remote attackers to bypass administrative form submission controls via a public mail API, enabling arbitrary form submissions even when the form is configured to reject new entries. This authentication bypass has a CVSS score of 5.3 and permits attackers to inject spam or abuse content without authorization, circumventing intended intake restrictions. Vendor-released patch available in version 5.2.3.
SourceCodester Loan Management System v1.0 allows authenticated administrators to create loan plans with negative interest rates by submitting negative values in HTTP POST requests, bypassing client-side validation that lacks server-side enforcement. This business logic vulnerability enables attackers with administrative credentials to manipulate loan terms and potentially cause financial harm to the organization. Publicly available exploit code exists demonstrating the attack.
Authentication bypass in OpenOlat e-learning platform versions 10.5.4 through 20.2.4 allows remote unauthenticated attackers to forge authentication tokens due to missing JWT signature verification in OpenID Connect implementation. The platform accepts JWTs without cryptographic validation, enabling attackers to impersonate any user by crafting tokens with arbitrary claims. CVSS 9.8 (Critical) with network attack vector, low complexity, and no privileges required. No public exploit identified at time of analysis, though the vulnerability is trivial to exploit given the complete absence of signature verification.
Node.js Permission Model bypass in FileHandle.chmod() and FileHandle.chown() promise-based methods allows local authenticated users with restricted --allow-fs-write to modify file permissions and ownership on already-open file descriptors, circumventing intended write restrictions. The vulnerability affects Node.js 20.x, 22.x, 24.x, and 25.x when running under the --permission flag; the callback-based equivalents (fs.fchmod, fs.fchown) were correctly patched in CVE-2024-36137, but the promises API was incompletely fixed. CVSS 3.3 with low real-world impact due to local-only attack vector and requirement for pre-existing file access.
Unix Domain Socket operations in Node.js 25.x bypass permission model enforcement, allowing local processes to create IPC endpoints and communicate with other processes when run with --permission flag but without --allow-net. An authenticated local attacker can establish inter-process communication channels that circumvent the intended network isolation boundary, resulting in information disclosure and potential privilege escalation within the same host. No public exploit code identified at time of analysis, though the vulnerability affects an experimental permission enforcement feature.
Parse Server's GraphQL API endpoint bypasses the configured allowOrigin CORS restriction, allowing cross-origin requests from any website while the REST API correctly enforces the policy. This authentication bypass affects Parse Server instances where operators have configured origin restrictions to limit API access, enabling attackers from arbitrary websites to interact with the GraphQL endpoint without respecting these security controls. The vulnerability has been patched in Parse Server 8 and 9 via upstream fixes, and no public exploit code or active exploitation has been confirmed.
Remote unauthenticated nginx service takeover in nginx-ui's MCP integration allows network attackers to create, modify, or delete nginx configuration files and trigger automatic reloads without authentication. The /mcp_message endpoint lacks authentication middleware while exposing the same MCP tool handlers as the protected /mcp endpoint, and the IP whitelist defaults to empty (allow-all). Attackers can inject malicious server blocks to intercept credentials, exfiltrate backend topology, or crash nginx with invalid configs. CVSS 9.8 (Critical) with network attack vector, no authentication required, and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though a detailed proof-of-concept HTTP request is provided in the advisory.
Remote authenticated attackers can achieve arbitrary command execution on nginx-ui v2.3.3 servers by manipulating encrypted backup archives during restoration. The vulnerability stems from a circular trust model where backup integrity metadata is encrypted using the same AES key provided to clients, allowing attackers to decrypt backups, inject malicious configuration (including command execution directives), recompute valid hashes, and re-encrypt the archive. The restore process accepts tampered backups despite hash verification warnings. Publicly available exploit code exists with detailed proof-of-concept demonstrating configuration injection leading to arbitrary command execution. Vendor-released patch available in nginx-ui v2.3.4. This represents a regression from GHSA-g9w5-qffc-6762, which addressed backup access control but not the underlying cryptographic design flaw.
Improper access controls in osrg GoBGP up to version 4.3.0 allow remote attackers to bypass authentication via manipulation of the BGP Header Handler's DecodeFromBytes function. The vulnerability affects the BGP packet parsing mechanism and enables unauthorized modifications to BGP protocol state without requiring authentication. With a CVSS score of 3.7 and high attack complexity, exploitation is difficult but possible over the network; no public exploit code or active exploitation has been confirmed.
Improper access control in osrg GoBGP up to 4.3.0 allows remote attackers to manipulate the domainNameLen parameter in BGP OPEN Message processing, resulting in integrity compromise through the DecodeFromBytes function. The vulnerability requires high attack complexity and has low real-world risk despite network-accessible attack vector; no public exploit code or confirmed active exploitation has been identified. A vendor patch is available via upstream commit 2b09db390a3d455808363c53e409afe6b1b86d2d.
Unauthenticated attackers can bypass authorization controls in On24 Q&A Chat to enumerate event IDs and retrieve complete question-and-answer histories through the console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/ endpoint. This exposure leaks sensitive data including user identifiers, private URLs, messages, and internal references that should be restricted to authenticated users. The compromised information can facilitate reconnaissance for lateral movement, system exploitation, or unauthorized access to connected applications.
Hard-coded AWS credentials in AL-KO Robolinho Update Software allow unauthenticated attackers to directly access AL-KO's AWS S3 bucket with read permissions and potentially escalated privileges beyond the application's intended access model. Version 8.0.21.0610 is confirmed vulnerable; the full affected version range is unknown due to lack of vendor cooperation. No public exploit code or active exploitation has been reported, but the credentials are trivially extractable from the application binary.
ArthurFiorette steam-trader 2.1.1 exposes complete Steam account credentials through an unauthenticated API endpoint, enabling account takeover. Attackers can retrieve usernames, passwords, identity secrets, shared secrets, and session tokens via the /users endpoint without authentication (CVSS:3.1 AV:N/AC:L/PR:N). This critical vulnerability (CVSS 10.0) allows generation of valid Steam Guard 2FA codes and complete account hijacking. EPSS data is unavailable and there is no CISA KEV listing; critically, no patch exists because the repository is archived and unmaintained. The authentication bypass and information disclosure classifications reflect trivial exploitation requiring only network access.
Remote improper access control in FRRouting FRR up to version 10.5.1 allows authenticated remote attackers to bypass authorization checks in the EVPN Type-2 Route Handler (process_type2_route function), potentially leading to integrity and availability impacts. The vulnerability requires high attack complexity and authenticated access (PR:L), limiting immediate exploitation risk. An upstream fix (commit 7676cad65114aa23adde583d91d9d29e2debd045) is available; no public exploit code or active CISA KEV designation identified at time of analysis.
Insecure Direct Object Reference in WP Download Monitor plugin (≤5.1.7) enables unauthenticated attackers to complete arbitrary pending orders by manipulating PayPal transaction tokens, allowing theft of paid digital goods. Attackers can pay minimal amounts for low-cost items and use those payment tokens to finalize high-value orders, effectively bypassing payment validation. CVSS 7.5 (High) reflects network-based attack with no authentication required. No public exploit identified at time of analysis, though the attack mechanism is clearly documented in vendor advisories.
Hardcoded password vulnerability in Yokogawa CENTUM VP allows authentication bypass for the PROG system account across versions R5.01.00-R5.04.20, R6.01.00-R6.12.00, and R7.01.00. An attacker who obtains the hardcoded credential and has direct access to the Human Interface Station (HIS) running CTM authentication mode can log in as PROG; however, real-world risk is constrained because PROG defaults to S1 (OFFUSER) permission level, and exploitation requires pre-existing HIS access. No public exploit code or active CISA KEV status identified at time of analysis.
Cross-session credential leakage in awesome-llm-apps Streamlit-based GitHub MCP Agent allows unauthenticated users to retrieve previously stored API tokens and secrets from process-wide environment variables, compromising GitHub Personal Access Tokens and LLM API keys across concurrent session boundaries. The vulnerability stems from improper session isolation in a multi-user Streamlit application that persists credentials in os.environ without clearing them between user sessions, enabling attackers to escalate privileges and access private resources without authentication.
Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS version 10.7.1 permits authenticated users with editor privileges to access sensitive files through crafted requests, resulting in information disclosure. This vulnerability requires valid editor-level credentials and direct knowledge of the vulnerable endpoint, limiting but not eliminating real-world risk. No active exploitation or public proof-of-concept code has been independently confirmed at this time.
Authenticated users in parisneo/lollms (versions before 2.2.0) can hijack friend requests intended for other users through an Insecure Direct Object Reference (IDOR) flaw in the `/api/friends/requests/{friendship_id}` endpoint. The vulnerability enables any logged-in user to accept or reject friendship requests by manipulating the `friendship_id` parameter without authorization checks, leading to unauthorized social graph manipulation and potential account compromise via social engineering. Fixed in version 2.2.0 with commit c462977; no public exploit identified at time of analysis, though the attack is trivially reproducible with standard HTTP tools given the low complexity (CVSS AC:L) and authenticated network access (CVSS AV:N/PR:L).
Unauthenticated file upload in parisneo/lollms versions ≤2.2.0 enables remote attackers to submit arbitrary files for text extraction without authentication via the `/api/files/extract-text` endpoint. The vulnerability (CWE-287: Improper Authentication) allows resource exhaustion DoS attacks and potential information disclosure, with CVSS 7.5 (High) reflecting network-accessible attack surface requiring no privileges. EPSS data not available; no public exploit identified at time of analysis, though the simplicity (AC:L, PR:N) suggests trivial exploitation once endpoint details are known.
Approval bypass in OpenClaw before 2026.3.11 allows low-privileged remote attackers to execute arbitrary code by exploiting race conditions in system.run approvals. Attackers obtain legitimate approval for benign scripts, then overwrite referenced files before execution via vulnerable tsx/jiti runners. With CVSS 9.4 (critical severity, network-accessible, low complexity) and EPSS data not yet available for this 2026 CVE, organizations using OpenClaw's script execution features face immediate risk despite requiring user interaction and low-level authentication. No public exploit identified at time of analysis, though the approval bypass mechanism is documented in vendor advisory GHSA-qc36-x95h-7j53.
OpenClaw before version 2026.3.12 allows authentication bypass in Zalouser allowlist mode by matching mutable group display names instead of stable identifiers, enabling attackers to create identically-named groups and route messages from unauthorized groups to the agent. The vulnerability requires network access and no authentication, affecting the confidentiality and integrity of message routing with a CVSS score of 6.9. No public exploit code has been identified at time of analysis.
Authentication bypass in OpenClaw's Feishu webhook integration (pre-2026.3.12) allows unauthenticated remote attackers to inject forged events and trigger arbitrary downstream tool execution. The vulnerability occurs when administrators configure only verificationToken without encryptKey, enabling attackers to craft malicious webhook payloads that bypass validation. No public exploit identified at time of analysis, though CVSS 8.8 reflects network accessibility (AV:N), low complexity (AC:L), and no privileges required (PR:N).
Execution allowlist bypass in OpenClaw (versions prior to 2026.3.11) enables unauthenticated remote attackers to execute arbitrary commands by exploiting improper pattern normalization in matchesExecAllowlistPattern. The vulnerability stems from lowercasing and overly permissive glob matching logic that incorrectly allows the ? wildcard to match across POSIX path segments, circumventing intended security restrictions. No public exploit identified at time of analysis, though CVSS 8.8 severity reflects network-accessible attack vector with no authentication required and high integrity/availability impact.
Privilege escalation in OpenClaw versions prior to 2026.3.11 allows authenticated users with operator.write permissions to execute administrative browser profile management functions, bypassing role-based access controls. Attackers can persist malicious remote Chrome DevTools Protocol (CDP) endpoints to disk, enabling potential remote code execution or session hijacking without operator.admin privileges. EPSS data not available; no public exploit identified at time of analysis. CVSS 7.1 (High) reflects network-accessible attack requiring only low-privileged authentication.
OpenClaw before version 2026.3.12 permits authorization bypass in Feishu reaction event handling when chat_type parameters are omitted, causing group chat events to be misclassified as peer-to-peer conversations and allowing attackers to circumvent groupAllowFrom and requireMention security controls. Unauthenticated remote attackers can exploit this with low complexity to achieve partial confidentiality and integrity impacts. No public exploit code has been identified, but the vulnerability is straightforward to trigger once the root cause is understood.
OpenClaw before version 2026.3.11 allows authenticated non-allowlisted Discord guild members to bypass authorization checks on reaction ingestion events, enabling them to inject arbitrary reaction text into downstream session context that is trusted as legitimate system events. This authentication-required authorization bypass affects all OpenClaw deployments integrating Discord guild reaction handling and has a CVSS score of 5.3 with confirmed patch availability.
OpenClaw before version 2026.3.11 allows authenticated operators with write-scoped permissions to bypass authorization controls and execute admin-only session reset functionality. Attackers holding operator.write privileges can issue agent requests containing /new or /reset slash commands to reset conversation state without requiring operator.admin credentials, resulting in unauthorized modification of session data. This vulnerability has a CVSS score of 6.9 and affects the core authorization logic that protects sensitive administrative operations.
Session sandbox escape in OpenClaw versions prior to 2026.3.11 allows local authenticated attackers with low-privilege sandboxed subagent access to read and modify session data across isolation boundaries by manipulating sessionKey parameters in the session_status tool. Exploitation enables unauthorized access to parent or sibling session state including persisted model overrides, bypassing critical security isolation controls. No public exploit identified at time of analysis, though the authentication bypass mechanism is clearly documented in vendor security advisory.
Sandbox escape in OpenClaw versions before 2026.3.11 enables low-privilege leaf subagents to bypass isolation boundaries and manipulate sibling processes with elevated tool policies. Local authenticated attackers can terminate competing worker threads, redirect execution flows, and execute operations outside their intended security context by exploiting insufficient authorization on subagent control APIs. EPSS data not available for this recent CVE; no public exploit identified at time of analysis, though the technical advisory provides detailed vulnerability mechanics.
Privilege escalation in OpenClaw versions before 2026.3.12 allows authenticated users with command authorization to access owner-restricted configuration and debug endpoints due to missing permission checks. Attackers can read and modify privileged settings intended only for owners, effectively bypassing role-based access controls. CVSS 8.7 (High) with EPSS data unavailable; no public exploit identified at time of analysis, though the vulnerability class (CWE-863: incorrect authorization) is commonly targeted once disclosed.
Authentication bypass in PromtEngineer localGPT affects the LocalGPTHandler API endpoint in backend/server.py, allowing unauthenticated remote attackers to access protected functionality with low confidentiality, integrity, and availability impact. The vulnerability stems from improper validation of the BaseHTTPRequestHandler argument, enabling attackers to manipulate request handling without credentials. No public exploit code or active exploitation has been confirmed, though the vendor has not responded to disclosure efforts.
Microchip Time Provider 4100 contains hard-coded credentials used for software update decryption, allowing malicious actors to craft and deploy unauthorized firmware updates without detection. Versions prior to 2.5.0 are affected. An attacker with local or network access to the device can leverage these credentials to bypass authentication controls during the manual software update process, potentially gaining full control of the time synchronization infrastructure.
Wandb OpenUI up to version 1.0 contains hard-coded credentials exposure in backend/openui/config.py where the LITELLM_MASTER_KEY argument is improperly handled, allowing local authenticated users with low privileges to read sensitive authentication material. The vulnerability has a low CVSS score (3.3) due to local-only attack vector and low impact scope, but publicly available exploit code exists and vendor contact has been unsuccessful, increasing practical risk for deployed instances.
Restaurant Cafeteria WordPress theme through version 0.4.6 allows authenticated subscribers to execute arbitrary PHP code and modify site configuration through unprotected admin-ajax actions lacking nonce and capability checks. An attacker with subscriber-level access can install malicious plugins from attacker-controlled URLs or import demo content that overwrites critical site settings, pages, menus, and theme configuration. Publicly available exploit code exists for this vulnerability.
Payment amount bypass in Brainstorm Force SureForms WordPress plugin (all versions ≤2.5.2) allows unauthenticated remote attackers to create underpriced payment and subscription intents by manipulating the form_id parameter to 0, circumventing configured payment validation. CVSS 7.5 (High) with network-accessible attack vector and low complexity. EPSS data not provided; no public exploit identified at time of analysis. This represents a direct financial fraud risk for e-commerce and donation sites using the affected plugin.
An information disclosure vulnerability in for WordPress is vulnerable to Sensitive Information Exposure in all (CVSS 8.0). This is a high-severity vulnerability requiring prompt remediation.
Authentication bypass in MinIO allows any authenticated user with s3:PutObject permission to permanently corrupt objects by injecting fake server-side encryption metadata via crafted X-Minio-Replication-* headers. Attackers can selectively render individual objects or entire buckets permanently unreadable through the S3 API without requiring elevated ReplicateObjectAction permissions. Affects all MinIO releases from RELEASE.2024-03-30T09-41-56Z through the final open-source release. Vendor-released patch available in MinIO AIStor RELEASE.2026-03-26T21-24-40Z. No public exploit identified at time of analysis, though the attack mechanism is well-documented in the advisory.
Improper authorization in Chatwoot up to version 4.11.1 allows remote unauthenticated attackers to bypass authentication via the signupEnabled parameter in the /app/login endpoint's Signup Endpoint component. The vulnerability enables attackers to manipulate signup authorization controls by setting signupEnabled to true, resulting in unauthorized access. Publicly available exploit code exists, and the vendor did not respond to early disclosure notification.
Quick Facts
- Typical Severity: CRITICAL
- Category: auth
- Total CVEs: 7468