Authentication Bypass
Bypasses authentication mechanisms
34 CVEs tagged.
This vulnerability allows attackers to calculate initial administrative passwords for affected ELECOM wireless routers using publicly available system...
Feb 3, 2026
The Spectra Gutenberg Blocks plugin for WordPress has an information disclosure vulnerability that allows unauthenticated attackers to read excerpts f...
Feb 3, 2026
The WP ULike WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Subscriber-level access o...
Feb 3, 2026
This vulnerability allows unauthenticated remote attackers to perform Man-in-the-Middle attacks by intercepting HTTPS communications due to improper S...
Feb 3, 2026
This vulnerability in Wikimedia Foundation's OATHAuth extension allows attackers to bypass two-factor authentication (2FA) controls. It affects MediaW...
Feb 3, 2026
This vulnerability in Wikimedia Foundation's CheckUser extension allows unauthorized access to user information through the UserInfoHandler API endpoi...
Feb 3, 2026
This vulnerability in Wikimedia Foundation's ConfirmEdit extension allows attackers to bypass CAPTCHA protection mechanisms. It affects all installati...
Feb 3, 2026
The NixOS Odoo package exposes the database manager without authentication, allowing unauthorized actors to delete or download the entire database and...
Feb 2, 2026
PolarLearn's OAuth 2.0 implementation for GitHub and Google login is vulnerable to Login CSRF due to missing state parameter validation. This allows a...
Feb 2, 2026
This timing attack vulnerability in PolarLearn allows unauthenticated attackers to enumerate valid user email addresses by measuring login response ti...
Feb 2, 2026
OpenList Frontend versions before 4.1.10 contain a path traversal vulnerability in file operation handlers that allows authenticated attackers to bypa...
Feb 2, 2026
This CSRF vulnerability in Tuleap allows attackers to trick authenticated users into performing unauthorized actions, specifically creating artifact l...
Feb 2, 2026
This vulnerability in MediaWiki's AuthManager.php allows attackers to bypass authentication mechanisms under specific conditions. It affects all Media...
Feb 2, 2026
This CVE describes an access control vulnerability in IBM Jazz Foundation that allows authenticated users to perform actions or view data beyond their...
Feb 2, 2026
CVE-2022-50981 allows unauthenticated remote attackers to gain full administrative access to affected devices because they ship without a default pass...
Feb 2, 2026
This vulnerability allows a local attacker with physical USB access to cause a full device reset by using an invalid reset file. It affects devices th...
Feb 2, 2026
This vulnerability allows an unauthenticated remote attacker to hijack existing user sessions and gain full administrative access to affected devices....
Feb 2, 2026
In lunary-ai/lunary version 1.2.2, a privilege escalation vulnerability allows users with 'viewer' role to hijack other user accounts by obtaining pas...
Feb 2, 2026
This vulnerability in GitLab CE/EE allows unauthorized users to edit merge request approval rules under specific conditions. It affects all GitLab ins...
Feb 2, 2026
This vulnerability allows unauthenticated attackers to trigger resource-intensive text generation operations and manipulate server state in the lollms...
Feb 2, 2026
This vulnerability in Keycloak's CIBA (Client Initiated Backchannel Authentication) feature allows attackers to make blind server-side requests to int...
Feb 2, 2026
A cross-site scripting vulnerability in the email function of Cybozu Garoon allows attackers to inject malicious scripts that can reset arbitrary user...
Feb 2, 2026
A cross-site scripting vulnerability in the Message function of Cybozu Garoon allows attackers to inject malicious scripts that can reset arbitrary us...
Feb 2, 2026
An improper input verification vulnerability in Cybozu Garoon allows attackers to modify portal settings without proper authorization. This could bloc...
Feb 2, 2026
The User Profile Builder WordPress plugin before version 3.15.2 has an improper password reset mechanism that allows unauthenticated attackers to rese...
Feb 2, 2026
This vulnerability allows Keycloak administrators with limited privileges to access sensitive custom user attributes that should be hidden by User Pro...
Feb 2, 2026
MagicINFO 9 Server versions below 21.1090.1 contain hardcoded database credentials, allowing attackers to authenticate and manipulate the database. Th...
Feb 2, 2026
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without proper authentication, leading to stored cross-site scriptin...
Feb 2, 2026
This CVE describes an authentication bypass vulnerability in DJI drone models (Mavic Mini, Air, Spark, Mini SE) through capture-replay attacks on the ...
Feb 2, 2026
This vulnerability allows remote attackers to bypass authentication on EFM ipTIME A8004T routers via improper authentication in the Hidden Hiddenlogin...
Feb 2, 2026
This vulnerability allows unauthorized remote access to the crontab endpoint in Zhong Bang CRMEB versions up to 5.6.3. Attackers can exploit this miss...
Feb 2, 2026
This CVE describes an improper authorization vulnerability in Zhong Bang CRMEB's store integration API endpoint. Attackers can manipulate the order_id...
Feb 1, 2026
A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System allows remote attackers to modify system settings without pro...
Jun 6, 2025
This vulnerability allows remote attackers to bypass authentication in Soar Cloud HRD Human Resource Management System client applications. Attackers ...
Jun 6, 2025