Browse and filter security vulnerabilities across ecosystems
hoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery Token
azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass
ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2
arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack
Pingvin Share X: TOTP Authentication Bypass via Password-only Login
Pocketbase: Account pre-hijacking via OAuth2 unverified->verified autolinking upgrade
Azure SDK for Java Security Feature Bypass Vulnerability
inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass
SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools
OpenClaw bluebubbles Webhook monitor.ts handleBlueBubblesWebhookRequest improper authentication
Industrial Application Software IAS Canias ERP Login RMI improper authentication
Industrial Application Software IAS Canias ERP Java RMI Session Management iasServerRemoteInterface.doAction improper authentication
Industrial Application Software IAS Canias ERP RMI doAction improper authentication
UGREEN CM933 Administrative missing authentication
auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access
Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass
Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation
PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication
Showing 1 - 20 of 1,000+ results