Browse and filter security vulnerabilities across ecosystems
Dataease SQLBot JWT Token auth.py validateEmbedded signature verification
Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification
Unitree Go2 Mobile Program Tampering Enables Root RCE
Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter
Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification
The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay
OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning
OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_proces...
cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
Microsoft Exchange Server Spoofing Vulnerability
OpenProject has Forced Actions, Content Spoofing, and Persistent DoS via ID Manipulation in OpenProject Blocknote Editor Extension
OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server
sm-crypto Affected by Private Key Recovery in SM2-PKE
MineAdmin JWT Token refresh data authenticity
Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation
Cosign verification accepts any valid Rekor entry under certain conditions
Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com
cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*)