A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issue w...
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhook_url, HTTP method, reque...
Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` โ incomplete fix of #2024
Admidio writes session IDs and auto-login cookie values to application logs
Admidio PKCS#12 private key export action lacks CSRF protection
Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation
Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords
Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is tri...
Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification
ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth (i.e via the `Authorization` header with the `Basic` scheme)...
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed ass...
CC-Tweaked has an SSRF Protection Bypass with NAT64
zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\<username>\.sdm\state.kv. The file is protected only b...
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note (private thread) from any conversation, even after that user's access to the mailbox containing the conversation has...