Browse and filter security vulnerabilities across ecosystems
Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator
Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
Util-linux: util-linux: access control bypass due to improper hostname canonicalization
OpenClaw < 2026.2.26 - Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels
Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems
Soft Serve has Critical Authentication Bypass
Keycloak: keycloak idor in realm client creating/deleting
Elated Membership <= 1.2 - Authentication Bypass via Social Login
authentik deactivated service accounts can authenticate to OAuth
(conda) Constructor: Excessive permissions during and after installation
Cryostat: authentication bypass if network policies are disabled
Unraid 7
WP JobHunt <= 7.1 - Authentication Bypass to Candidate
DataEase has an unauthorized vulnerability
Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004
Symphony has an Authentication Bypass via RememberMe
Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary
Hail authentication can be bypassed by changing email address
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
The Dataprobe iBoot PDU running firmware version 1
Showing 1 - 20 of 1,000+ results