Search Vulnerabilities

OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels

Mar 19, 2026

CVE-2026-23903

Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems

Feb 9, 2026

CVE-2026-24058

Soft Serve has Critical Authentication Bypass

Jan 22, 2026

CVE-2025-14777

Keycloak: keycloak idor in realm client creating/deleting

Dec 16, 2025

CVE-2025-13613

Elated Membership <= 1.2 - Authentication Bypass via Social Login

Dec 10, 2025

CVE-2025-64521

authentik deactivated service accounts can authenticate to OAuth

Nov 19, 2025

CVE-2025-64343

(conda) Constructor: Excessive permissions during and after installation

Nov 7, 2025

CVE-2025-8415

Cryostat: authentication bypass if network policies are disabled

Aug 20, 2025

CVE-2025-29266

Unraid 7

Mar 31, 2025

CVE-2024-11283

WP JobHunt <= 7.1 - Authentication Bypass to Candidate

Mar 14, 2025

CVE-2024-56511

DataEase has an unauthorized vulnerability

Jan 10, 2025

CVE-2024-55634

Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004

Dec 9, 2024

CVE-2024-51996

Symphony has an Authentication Bypass via RememberMe

Nov 13, 2024

CVE-2024-2098

Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary

Jun 13, 2024

CVE-2023-51663

Hail authentication can be bypassed by changing email address

Dec 29, 2023

CVE-2023-41890

Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation

Sep 19, 2023

CVE-2023-3263

The Dataprobe iBoot PDU running firmware version 1

Aug 14, 2023

CVE-2023-38487

HedgeDoc API allows to hide existing notes

Aug 4, 2023

CVE-2023-20046