CWE-305
AllowedAuthentication Bypass by Primary Weakness
Abstraction: Base · Status: Draft
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
281 vulnerabilities reference this CWE, most recent first.
GHSA-54JJ-4V6G-J34H
Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-06-08 18:31OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials.
{
"affected": [],
"aliases": [
"CVE-2026-25555"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-08T17:16:41Z",
"severity": "CRITICAL"
},
"details": "OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware\u0027s comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials.",
"id": "GHSA-54jj-4v6g-j34h",
"modified": "2026-06-08T18:31:51Z",
"published": "2026-06-08T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25555"
},
{
"type": "WEB",
"url": "https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openbullet2-authentication-bypass-via-x-api-key-header"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5629-8855-GF4G
Vulnerability from github – Published: 2021-11-18 20:12 – Updated: 2021-11-17 21:07Impact
The actual vulnerability has been discovered on solidus_auth_devise. See GHSA-xm34-v85h-9pg2 for details.
The security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update solidus_auth_devise. For this reason, it has been marked as low impact on this end.
Patches
For extra security, update solidus_core to versions 3.1.3, 3.0.3 or 2.11.12.
Workarounds
Look at the workarounds described at GHSA-xm34-v85h-9pg2.
References
For more information
If you have any questions or comments about this advisory: * Open an issue in solidus_auth_devise or a discussion in solidus * Email us at security@solidus.io * Contact the core team on Slack
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "solidus_core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "solidus_core"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "solidus_core"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-305",
"CWE-352"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-17T21:07:30Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Impact\nThe actual vulnerability has been discovered on `solidus_auth_devise`. See [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2) for details.\n\nThe security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don\u0027t update `solidus_auth_devise`. For this reason, it has been marked as low impact on this end.\n\n### Patches\nFor extra security, update `solidus_core` to versions `3.1.3`, `3.0.3` or `2.11.12`.\n\n### Workarounds\nLook at the workarounds described at [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2).\n\n### References\n- [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2).\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [solidus_auth_devise](https://github.com/solidusio/solidus_auth_devise/issues) or a discussion in [solidus](https://github.com/solidusio/solidus/discussions)\n* Email us at [security@solidus.io](mailto:security@soliidus.io)\n* Contact the core team on [Slack](http://slack.solidus.io/)\n",
"id": "GHSA-5629-8855-gf4g",
"modified": "2021-11-17T21:07:30Z",
"published": "2021-11-18T20:12:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-5629-8855-gf4g"
},
{
"type": "WEB",
"url": "https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2"
},
{
"type": "PACKAGE",
"url": "https://github.com/solidusio/solidus"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Authentication Bypass by CSRF Weakness "
}
GHSA-56WX-66PX-9J66
Vulnerability from github – Published: 2025-05-13 21:34 – Updated: 2025-05-13 21:34Impact
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.
Patches
The vulnerability does not exist in more recent versions of OPKSSH. his only impacts OPKSSH when used to verify ssh keys on a server, the OPKSSH client is unaffected. To remediate upgrade to a version of OPKSSH v0.5.0 or greater.
To determine if you are vulnerable run on your server:
opkssh --version
If the version is less than 0.5.0 you should upgrade. To upgrade to the latest version run:
wget -qO- "https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh" | sudo bash
References
The upstream vulnerability in OpenPubkey is CVE-2025-3757 and has the security advisory https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/openpubkey/opkssh"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-4658"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-13T21:34:58Z",
"nvd_published_at": "2025-05-13T17:16:04Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nVersions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.\n\n### Patches\n\nThe vulnerability does not exist in more recent versions of OPKSSH. his only impacts OPKSSH when used to verify ssh keys on a server, the OPKSSH client is unaffected. To remediate upgrade to a version of OPKSSH v0.5.0 or greater.\n\nTo determine if you are vulnerable run on your server:\n\n```bash\nopkssh --version\n```\n\nIf the version is less than 0.5.0 you should upgrade. To upgrade to the latest version run:\n\n```bash\nwget -qO- \"https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh\" | sudo bash\n``` \n\n\n### References\n\n[CVE-2025-4658](https://www.cve.org/CVERecord?id=CVE-2025-4658)\n\nThe upstream vulnerability in OpenPubkey is [CVE-2025-3757](https://www.cve.org/CVERecord?id=CVE-2025-3757) and has the security advisory https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq",
"id": "GHSA-56wx-66px-9j66",
"modified": "2025-05-13T21:34:58Z",
"published": "2025-05-13T21:34:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4658"
},
{
"type": "PACKAGE",
"url": "https://github.com/openpubkey/opkssh"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"type": "CVSS_V4"
}
],
"summary": "OPKSSH Vulnerable to Authentication Bypass "
}
GHSA-59M6-82QM-VQGJ
Vulnerability from github – Published: 2023-07-21 20:17 – Updated: 2023-07-21 20:17Summary
A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request.
Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 and 1.11.2.
Impact
This vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the dapr-api-token in the request is invalid or missing.
Patches
The issue has been fixed in Dapr 1.10.9 and 1.11.2.
Details
When API token authentication is enabled, Dapr requires all calls from applications to include the dapr-api-token header, with a value matching what's included in the Dapr's configuration. In order to allow for healthchecks to work, the /v1.0/healthz and /v1.0/healthz/outbound HTTP APIs are excluded from the API token authentication check, and are always allowed.
Dapr <= 1.10.8 and <= 1.11.1 implemented the allowlisting of the healthcheck endpoints by permitting all requests whose URL contains /healthz to bypass the API token authentication check. The match applied anywhere in the URL, including the querystring.
As a consequence, attackers were able to bypass API token authentication by including /healthz anywhere in the URL, including as a querystring parameter. This allowed attackers to invoke any Dapr API using HTTP, including perform service invocation.
Proof of Concept
``` $ curl -v http://localhost:3500/v1.0/metadata * Trying ::1:3500... * Connected to localhost (::1) port 3500 (#0)
GET /v1.0/metadata HTTP/1.1 Host: localhost:3500 User-Agent: curl/7.74.0 Accept: /
- Mark bundle as not supporting multiuse < HTTP/1.1 401 Unauthorized < Date: Mon, 17 Jul 2023 18:13:13 GMT < Content-Type: text/plain; charset=utf-8 < Content-Length: 17 < Traceparent: 00-00000000000000000000000000000000-0000000000000000-00 <
- Connection #0 to host localhost left intact invalid api token
$ curl -v http://localhost:3500/v1.0/metadata -H "dapr-api-token: mytoken" * Trying ::1:3500... * Connected to localhost (::1) port 3500 (#0)
GET /v1.0/metadata HTTP/1.1 Host: localhost:3500 User-Agent: curl/7.74.0 Accept: / dapr-api-token: mytoken
- Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Date: Mon, 17 Jul 2023 18:13:26 GMT < Content-Type: application/json < Content-Length: 119 < Traceparent: 00-00000000000000000000000000000000-0000000000000000-00 <
- Connection #0 to host localhost left intact {"id":"foo","actors":[],"extended":{"daprRuntimeVersion":"v1.11.1"},"components":[],"httpEndpoints":[],"subscriptions":[]}
$ curl -v http://localhost:3500/v1.0/metadata?foo=/healthz * Trying ::1:3500... * Connected to localhost (::1) port 3500 (#0)
GET /v1.0/metadata?foo=/healthz HTTP/1.1 Host: localhost:3500 User-Agent: curl/7.74.0 Accept: /
- Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Date: Mon, 17 Jul 2023 18:13:44 GMT < Content-Type: application/json < Content-Length: 119 < Traceparent: 00-00000000000000000000000000000000-0000000000000000-00 <
- Connection #0 to host localhost left intact {"id":"foo","actors":[],"extended":{"daprRuntimeVersion":"v1.11.1"},"components":[],"httpEndpoints":[],"subscriptions":[]}
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/dapr/dapr"
},
"ranges": [
{
"events": [
{
"introduced": "1.11.0"
},
{
"fixed": "1.11.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/dapr/dapr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-37918"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-305"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-21T20:17:36Z",
"nvd_published_at": "2023-07-21T21:15:11Z",
"severity": "MODERATE"
},
"details": "### Summary\n\n\nA vulnerability has been found in Dapr that allows bypassing [API token authentication](https://docs.dapr.io/operations/security/api-token/), which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request.\n\n\nUsers who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 and 1.11.2.\n\n\n### Impact\n\n\nThis vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the `dapr-api-token` in the request is invalid or missing.\n\n\n### Patches\n\n\nThe issue has been fixed in Dapr 1.10.9 and 1.11.2.\n\n\n### Details\n\n\nWhen API token authentication is enabled, Dapr requires all calls from applications to include the `dapr-api-token` header, with a value matching what\u0027s included in the Dapr\u0027s configuration. In order to allow for healthchecks to work, the `/v1.0/healthz` and `/v1.0/healthz/outbound` HTTP APIs are excluded from the API token authentication check, and are always allowed.\n\n\nDapr \u003c= 1.10.8 and \u003c= 1.11.1 implemented the allowlisting of the healthcheck endpoints by permitting all requests whose URL contains `/healthz` to bypass the API token authentication check. The match applied anywhere in the URL, including the querystring.\n\n\nAs a consequence, attackers were able to bypass API token authentication by including `/healthz` anywhere in the URL, including as a querystring parameter. This allowed attackers to invoke any Dapr API using HTTP, including perform service invocation.\n\n\n### Proof of Concept\n\n\n```\n$ curl -v http://localhost:3500/v1.0/metadata\n* Trying ::1:3500...\n* Connected to localhost (::1) port 3500 (#0)\n\u003e GET /v1.0/metadata HTTP/1.1\n\u003e Host: localhost:3500\n\u003e User-Agent: curl/7.74.0\n\u003e Accept: */*\n\u003e\n* Mark bundle as not supporting multiuse\n\u003c HTTP/1.1 401 Unauthorized\n\u003c Date: Mon, 17 Jul 2023 18:13:13 GMT\n\u003c Content-Type: text/plain; charset=utf-8\n\u003c Content-Length: 17\n\u003c Traceparent: 00-00000000000000000000000000000000-0000000000000000-00\n\u003c\n* Connection #0 to host localhost left intact\ninvalid api token\n\n\n$ curl -v http://localhost:3500/v1.0/metadata -H \"dapr-api-token: mytoken\"\n* Trying ::1:3500...\n* Connected to localhost (::1) port 3500 (#0)\n\u003e GET /v1.0/metadata HTTP/1.1\n\u003e Host: localhost:3500\n\u003e User-Agent: curl/7.74.0\n\u003e Accept: */*\n\u003e dapr-api-token: mytoken\n\u003e\n* Mark bundle as not supporting multiuse\n\u003c HTTP/1.1 200 OK\n\u003c Date: Mon, 17 Jul 2023 18:13:26 GMT\n\u003c Content-Type: application/json\n\u003c Content-Length: 119\n\u003c Traceparent: 00-00000000000000000000000000000000-0000000000000000-00\n\u003c\n* Connection #0 to host localhost left intact\n{\"id\":\"foo\",\"actors\":[],\"extended\":{\"daprRuntimeVersion\":\"v1.11.1\"},\"components\":[],\"httpEndpoints\":[],\"subscriptions\":[]}\n\n\n$ curl -v http://localhost:3500/v1.0/metadata?foo=/healthz\n* Trying ::1:3500...\n* Connected to localhost (::1) port 3500 (#0)\n\u003e GET /v1.0/metadata?foo=/healthz HTTP/1.1\n\u003e Host: localhost:3500\n\u003e User-Agent: curl/7.74.0\n\u003e Accept: */*\n\u003e\n* Mark bundle as not supporting multiuse\n\u003c HTTP/1.1 200 OK\n\u003c Date: Mon, 17 Jul 2023 18:13:44 GMT\n\u003c Content-Type: application/json\n\u003c Content-Length: 119\n\u003c Traceparent: 00-00000000000000000000000000000000-0000000000000000-00\n\u003c\n* Connection #0 to host localhost left intact\n{\"id\":\"foo\",\"actors\":[],\"extended\":{\"daprRuntimeVersion\":\"v1.11.1\"},\"components\":[],\"httpEndpoints\":[],\"subscriptions\":[]}\n",
"id": "GHSA-59m6-82qm-vqgj",
"modified": "2023-07-21T20:17:36Z",
"published": "2023-07-21T20:17:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37918"
},
{
"type": "WEB",
"url": "https://github.com/dapr/dapr/commit/83ca1abb11ffe34211db55dcd36d96b94252827a"
},
{
"type": "WEB",
"url": "https://github.com/dapr/dapr/commit/99d6799c97b79397443c8c96737c9b893126a1ae"
},
{
"type": "WEB",
"url": "https://docs.dapr.io/operations/security/api-token"
},
{
"type": "PACKAGE",
"url": "https://github.com/dapr/dapr"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Dapr API token authentication bypass in HTTP endpoints"
}
GHSA-5FV2-2P94-9GH7
Vulnerability from github – Published: 2026-03-25 15:31 – Updated: 2026-03-25 15:31A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
{
"affected": [],
"aliases": [
"CVE-2026-3591"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T14:16:37Z",
"severity": "MODERATE"
},
"details": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.",
"id": "GHSA-5fv2-2p94-9gh7",
"modified": "2026-03-25T15:31:29Z",
"published": "2026-03-25T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3591"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2026-3591"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5HG3-FFV7-G5FF
Vulnerability from github – Published: 2023-01-18 18:30 – Updated: 2023-01-26 15:30A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
{
"affected": [],
"aliases": [
"CVE-2022-3100"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-18T17:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.",
"id": "GHSA-5hg3-ffv7-g5ff",
"modified": "2023-01-26T15:30:31Z",
"published": "2023-01-18T18:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3100"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-3100"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5HWC-8C64-25VM
Vulnerability from github – Published: 2023-04-25 21:30 – Updated: 2024-04-04 03:41The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
{
"affected": [],
"aliases": [
"CVE-2022-40723"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-25T19:15:10Z",
"severity": "MODERATE"
},
"details": "The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.",
"id": "GHSA-5hwc-8c64-25vm",
"modified": "2024-04-04T03:41:01Z",
"published": "2023-04-25T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40723"
},
{
"type": "WEB",
"url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rn"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5Q3W-6P3J-MW6P
Vulnerability from github – Published: 2026-03-11 12:31 – Updated: 2026-06-02 15:31curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.
{
"affected": [],
"aliases": [
"CVE-2026-3784"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-11T11:16:00Z",
"severity": "MODERATE"
},
"details": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
"id": "GHSA-5q3w-6p3j-mw6p",
"modified": "2026-06-02T15:31:54Z",
"published": "2026-03-11T12:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3584903"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2026-3784.html"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2026-3784.json"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/11/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-625F-424X-6J4W
Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-05-24 17:27A vulnerability has been identified in SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.
{
"affected": [],
"aliases": [
"CVE-2020-15787"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-09T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.",
"id": "GHSA-625f-424x-6j4w",
"modified": "2022-05-24T17:27:38Z",
"published": "2022-05-24T17:27:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15787"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-629X-6X88-9G8P
Vulnerability from github – Published: 2025-05-02 15:31 – Updated: 2025-05-02 15:31KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal.
{
"affected": [],
"aliases": [
"CVE-2025-32011"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T19:15:57Z",
"severity": "CRITICAL"
},
"details": "KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal.",
"id": "GHSA-629x-6x88-9g8p",
"modified": "2025-05-02T15:31:45Z",
"published": "2025-05-02T15:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32011"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01"
},
{
"type": "WEB",
"url": "http://packages.revolutionpi.de/pool/main/p/pictory"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.