Search Vulnerabilities

Missing exit out of permission check in haveged could lead to root exploit

OAuth authorization code client binding not enforced during token redemption in Mattermost

Authentication Bypass in mlflow/mlflow

Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking

Improper Authentication vulnerability in Progress MOVEit Automation

ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout

Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)

Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability

A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1

Pachno 1.0.6 Open Redirection via return_to Parameter

Ory Oathkeeper has an authentication bypass by cache key confusion

A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass

MantisBT SOAP API has an authentication bypass vulnerability on MySQL

ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware

A vulnerability found in Dahua NVR/XVR device

Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login

Authentication bypass vulnerability in the device authentication module

IBM MQ is affected by an authority vulnerablility

Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0

An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7