Browse and filter security vulnerabilities across ecosystems
Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authentication
Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint
AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass
Auth misconfiguration when multiple providers enabled
Parse Server OAuth2 authentication adapter account takeover via identity spoofing
Parse Server is missing audience validation in Keycloak authentication adapter
Feathersjs has an OAuth Callback Account Takeover
Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability
Windows SMB Server Elevation of Privilege Vulnerability
Windows SMB Server Elevation of Privilege Vulnerability
Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login
FreshRSS has an authentication bypass due to truncated bcrypt hash [edge branch]
doramart DoraCMS Email API send improper authentication
suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication
Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation
Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters
ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2
OliveTin: JWT Audience Validation Bypass in Local Key and HMAC Modes
Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer
Rocket.Chat: Users can login with any password via the EE ddp-streamer-service