Medium
CVSS: 6.5
n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe web…
Medium
CVSS: 6.3
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability…
High
CVSS: 7.4
Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances.
High
CVSS: 8.1
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without pr…
Critical
CVSS: 9.3
The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings since there is no session token or authentication in place. This would al…
High
CVSS: 8.6
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device
High
CVSS: 7.1
Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.
High
CVSS: 7.5
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An at…
Critical
CVSS: 9.3
Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method.
Authentication is performed through a local WebSocket, but the web application does not p…
Medium
CVSS: 6.5
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the…
High
CVSS: 7.5
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previous…
High
CVSS: 7.5
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.
Critical
CVSS: 10.0
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attack…
Medium
CVSS: 4.7
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and…
Medium
CVSS: 5.1
A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without pro…
High
CVSS: 7.8
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTE_ADDR property in request.META…
Medium
CVSS: 4.3
Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severit…
Medium
CVSS: 4.4
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Medium
CVSS: 4.4
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)
Medium
CVSS: 6.8
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure defau…