authorization
authorization
- CVE-2026-58054 - MyBB limited ACP user group privilege escalation
- CVE-2026-58056 - RustDesk file-transfer session control authorization bypass
- CVE-2026-58056 - RustDesk file-transfer session control-scope bypass
- CVE-2026-12415 - Invoice Generator unauthenticated account takeover
- GHSA-q6xx-5vr8-p898 - Nezha WebSocket stream ownership bypass
- CVE-2026-39833 - Go x/crypto ssh agent confirm constraint bypass
- CVE-2026-46595 - Go x/crypto ssh VerifiedPublicKeyCallback auth bypass
- CVE-2026-55166 - Lemur ACME SSRF and creator-equality IDOR
- CVE-2026-45052 - OpenAM Liberty Discovery authz bypass
- CVE-2026-48507 - Snipe-IT bulk user lockout privilege escalation
- CVE-2026-54329 - Snipe-IT cross-tenant accessory injection
- CVE-2026-54281 - Nest Fastify trailing-slash middleware bypass
- CVE-2026-48152 - Budibase REST datasource auth exfiltration
- CVE-2026-43515 - Apache Tomcat security constraints authorization bypass
- CVE-2026-47724 - nebula-mesh API ownership authorization bypass
- CVE-2026-46636 - Twig cached template sandbox-state bypass
- CVE-2026-47412 - PraisonAI Platform workspace delete RBAC bypass
- CVE-2026-47418 - PraisonAI Platform project IDOR
- CVE-2026-47742 - Shopper product Livewire authorization bypass
- CVE-2026-47745 - Shopper payment, currency, and carrier authorization bypass
- CVE-2026-47407 - PraisonAI Platform workspace takeover
- CVE-2026-47413 - PraisonAI Platform member-add owner injection
- CVE-2026-47416 - PraisonAI Platform workspace owner promotion
- CVE-2026-47744 - Shopper team RBAC privilege escalation
- CVE-2026-48169 - PraisonAI Platform cross-workspace IDOR
- GHSA-63gr-g7jc-v8rg - AgenticMail MCP HTTP auth bypass
- CVE-2026-48119 - Nezha service-monitor result forgery
- Source code audit - auth and tenant boundaries
- CVE-2026-45395 - Open WebUI tool update authorization RCE
- CVE-2026-39852 - Quarkus matrix-parameter authorization bypass
- CVE-2026-45109 - Next.js segment-prefetch middleware bypass
- CVE-2026-41428 - Budibase public endpoint auth bypass
- CVE-2026-42274 - Heimdall policy interpretation bypass cluster
- GHSA-xmxx/GHSA-mr34/GHSA-2gvc - OpenClaw gateway boundary hardening
- CVE-2026-29200 - Comet Backup tenant impersonation IDOR
- CVE-2026-42349 - Clerk combined authorization bypass
- CVE-2026-42461 - Arcane Compose template secret disclosure
- GHSA-3xx2/GHSA-47wq - Paperclip agent key tenant-boundary bypass
- GHSA-xh72/GHSA-xmxx - OpenClaw agent-surface fail-closed bypasses
- CVE-2026-23902 — Apache DolphinScheduler authorization bypass