Search Vulnerabilities

Azure HorizonDB Elevation of Privilege Vulnerability

IBM WebSphere Application Server is affected by an identity spoofing vulnerability

WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability

FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path

SillyTavern: Authentication Bypass via SSO Header Injection

Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking

An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a ...

Soroush IM Desktop App 0.17.0 Authentication Bypass via Database Injection

Trilium Notes: macOS TCC Bypass via Prompt Spoofing

Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover

Fleet: IP spoofing allows bypassing API rate limiting

Fleet Windows MDM Azure AD JWT Authentication Bypass

Fleet has a rate limiting bypass via untrusted client IP headers

azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

NGINX ngx_quic_module vulnerability

Cleanuparr: X-Forwarded-For leftmost parsing allows remote unauthenticated admin takeover when reverse-proxy mode is enabled

Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection

OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie

Sentry: Improper authentication on SAML SSO process allows user identity linking

Remote Spark SparkView RCE