Total
539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27478 | 1 Unitycatalog | 1 Unitycatalog | 2026-03-16 | N/A | 9.1 CRITICAL |
| Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without validating that the issuer is a trusted identity provider. | |||||
| CVE-2026-31889 | 1 Shopware | 1 Shopware | 2026-03-16 | N/A | 8.9 HIGH |
| Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based authentication without sufficiently binding a shop installation to its original domain. During re‑registration, the shop-url could be updated without proving control over the previously registered shop or domain. This made targeted hijacking of app communication feasible if an attacker possessed the relevant app‑side secret. By abusing app re‑registration, an attacker could redirect app traffic to an attacker‑controlled domain and potentially obtain API credentials intended for the legitimate shop. This vulnerability is fixed in 6.6.10.15 and 6.7.8.1. | |||||
| CVE-2025-48840 | 1 Fortinet | 1 Fortiweb | 2026-03-12 | N/A | 5.3 MEDIUM |
| An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request. | |||||
| CVE-2026-28465 | 1 Openclaw | 1 Openclaw | 2026-03-10 | N/A | 5.9 MEDIUM |
| OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-* headers in reverse-proxy configurations that implicitly trust these headers. | |||||
| CVE-2024-1524 | 1 Wso2 | 2 Api Manager, Identity Server | 2026-03-03 | N/A | 7.7 HIGH |
| When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control. The Deployment should have: -An IDP configured for federated authentication with Silent JIT provisioning enabled. The malicious actor should have: -A fresh valid user account in the federated IDP that has not been used earlier. -Knowledge of the username of a valid user in the local IDP. -An account at the federated IDP matching the targeted local username. | |||||
| CVE-2026-27700 | 1 Hono | 1 Hono | 2026-03-02 | N/A | 8.2 HIGH |
| Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/aws-lambda`) behind an Application Load Balancer (ALB), the `getConnInfo()` function incorrectly selected the first value from the `X-Forwarded-For` header. Because AWS ALB appends the real client IP address to the end of the `X-Forwarded-For` header, the first value can be attacker-controlled. This could allow IP-based access control mechanisms (such as the `ipRestriction` middleware) to be bypassed. Version 4.12.2 patches the issue. | |||||
| CVE-2024-55925 | 1 Xerox | 1 Workplace Suite | 2026-02-28 | N/A | 7.5 HIGH |
| In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints. | |||||
| CVE-2022-2368 | 1 Microweber | 1 Microweber | 2026-02-25 | 7.5 HIGH | 6.5 MEDIUM |
| Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. | |||||
| CVE-2026-24853 | 1 Caido | 1 Caido | 2026-02-24 | N/A | 8.1 HIGH |
| Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0. | |||||
| CVE-2026-21862 | 1 Rustfs | 1 Rustfs | 2026-02-23 | N/A | 7.5 HIGH |
| RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. This issue has been patched in version alpha.78. | |||||
| CVE-2025-13455 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-23 | N/A | 7.8 HIGH |
| A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint. | |||||
| CVE-2025-65046 | 1 Microsoft | 1 Edge Chromium | 2026-02-20 | N/A | 3.1 LOW |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2024-8273 | 1 Hypr | 1 Hypr Server | 2026-02-19 | N/A | 8.8 HIGH |
| Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1. | |||||
| CVE-2026-25938 | 1 Frangoteam | 1 Fuxa | 2026-02-13 | N/A | 9.8 CRITICAL |
| FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA version 1.2.11. | |||||
| CVE-2024-53862 | 1 Argoproj | 1 Argo Workflows | 2026-02-06 | N/A | 7.5 HIGH |
| Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}` or when using `--auth-mode=sso`, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}`. No authentication is performed by the Server itself on `client` tokens. Authentication & authorization is instead delegated to the k8s API server. However, the Workflow Archive does not interact with k8s, and so any token that looks valid will be considered authenticated, even if it is not a k8s token or even if the token has no RBAC for Argo. To handle the lack of pass-through k8s authN/authZ, the Workflow Archive specifically does the equivalent of a `kubectl auth can-i` check for respective methods. In 3.5.7 and 3.5.8, the auth check was accidentally removed on the GET Workflow endpoint's fallback to archived workflows on these lines, allowing archived workflows to be retrieved with a fake token. This vulnerability is fixed in 3.6.2 and 3.5.13. | |||||
| CVE-2025-11250 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2026-01-29 | N/A | 9.1 CRITICAL |
| Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations. | |||||
| CVE-2025-60538 | 1 Go-shiori | 1 Shiori | 2026-01-22 | N/A | 6.5 MEDIUM |
| A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack. | |||||
| CVE-2026-21894 | 1 N8n | 1 N8n | 2026-01-20 | N/A | 6.5 MEDIUM |
| n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were not verified against this secret. As a result, any HTTP client that knows the webhook URL could send a POST request containing a matching event type, causing the workflow to execute as if a legitimate Stripe event had been received. This issue affects n8n users who have active workflows using the Stripe Trigger node. An attacker could potentially fake payment or subscription events and influence downstream workflow behavior. The practical risk is reduced by the fact that the webhook URL contains a high-entropy UUID; however, authenticated n8n users with access to the workflow can view this webhook ID. This issue has been patched in version 2.2.2. A temporary workaround for this issue involves users deactivating affected workflows or restricting access to workflows containing Stripe Trigger nodes to trusted users only. | |||||
| CVE-2025-69258 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-01-15 | N/A | 9.8 CRITICAL |
| A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. | |||||
| CVE-2025-36753 | 1 Growatt | 2 Shine Lan-x, Shine Lan-x Firmware | 2026-01-14 | N/A | 9.8 CRITICAL |
| The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device | |||||