CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CVE-2026-0953 (GCVE-0-2026-0953)
Vulnerability from cvelistv5 – Published: 2026-03-10 05:26 – Updated: 2026-04-08 17:09 – CWE-287 - Improper Authentication

| Vendor | Product | Version |
|---|---|---|
| themeum | Tutor LMS Pro | Affected: 0, ≤ 3.9.5 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T15:58:52.010194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:52:06.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tutor LMS Pro",
"vendor": "themeum",
"versions": [
{
"lessThanOrEqual": "3.9.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Tan Phat"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by supplying a valid OAuth token from their own account along with the victim\u0027s email address."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:09:29.685Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92a120ac-66ae-4678-a87a-e62da885d50b?source=cve"
},
{
"url": "https://tutorlms.com/releases/id/393/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-14T19:18:04.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-09T16:33:12.000Z",
"value": "Disclosed"
}
],
"title": "Tutor LMS Pro \u003c= 3.9.5 - Authentication Bypass via Social Login"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-0953",
"datePublished": "2026-03-10T05:26:28.745Z",
"dateReserved": "2026-01-14T19:02:05.215Z",
"dateUpdated": "2026-04-08T17:09:29.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10157 (GCVE-0-2026-10157)
Vulnerability from cvelistv5 – Published: 2026-05-31 00:30 – Updated: 2026-06-02 02:14 – X_Open Source – CWE-287 - Improper Authentication

| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367410 | vdb-entry |
| https://vuldb.com/vuln/367410/cti | signature, permissions-required |
| https://vuldb.com/cve/CVE-2026-10157 | third-party-advisory |
| https://vuldb.com/submit/818939 | third-party-advisory |
| https://github.com/open5gs/open5gs/issues/4393 | exploit, issue-tracking |
| https://github.com/open5gs/open5gs/pull/4557 | issue-tracking, patch |
| https://github.com/open5gs/open5gs/commit/a188e36… | patch |
| https://github.com/open5gs/open5gs/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10157",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T02:14:23.118606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T02:14:32.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*"
],
"modules": [
"NGAP PathSwitchRequest Message Handler"
],
"product": "Open5GS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.7.0"
},
{
"status": "affected",
"version": "2.7.1"
},
{
"status": "affected",
"version": "2.7.2"
},
{
"status": "affected",
"version": "2.7.3"
},
{
"status": "affected",
"version": "2.7.4"
},
{
"status": "affected",
"version": "2.7.5"
},
{
"status": "affected",
"version": "2.7.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Seungjoon Na (Kookmin University ICSR Lab)"
},
{
"lang": "en",
"type": "finder",
"value": "Jinha Kim (Kookmin University ICSR Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Seungjoon Na (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "Seungjoon Na (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is a188e36b1741ffc2252133f59b1bda4f14d3cb5c. It is suggested to install a patch to address this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:17:26.518Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367410 | Open5GS NGAP PathSwitchRequest Message ngap-handler.c improper authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/367410"
},
{
"name": "VDB-367410 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367410/cti"
},
{
"name": "CVE-2026-10157 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10157"
},
{
"name": "Submit #818939 | open5gs Open5GS v2.7.6 Improper Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818939"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/open5gs/open5gs/issues/4393"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/open5gs/open5gs/pull/4557"
},
{
"tags": [
"patch"
],
"url": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c"
},
{
"tags": [
"product"
],
"url": "https://github.com/open5gs/open5gs/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-01T15:19:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "Open5GS NGAP PathSwitchRequest Message ngap-handler.c improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10157",
"datePublished": "2026-05-31T00:30:10.718Z",
"dateReserved": "2026-05-30T06:05:02.777Z",
"dateUpdated": "2026-06-02T02:14:32.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10167 (GCVE-0-2026-10167)
Vulnerability from cvelistv5 – Published: 2026-05-31 03:30 – Updated: 2026-06-01 15:24 – CWE-287 - Improper Authentication

| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367421 | vdb-entry, technical-description |
| https://vuldb.com/vuln/367421/cti | signature, permissions-required |
| https://vuldb.com/submit/819157 | third-party-advisory |
| https://github.com/OUSL-GROUP-BrinaryBrains/Schoo… | exploit, issue-tracking |

| Vendor | Product | Version |
|---|---|---|
| OUSL-GROUP-BrinaryBrains | School Student Management System | Affected: 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 (cpe:2.3:a:ousl-group-brinarybrains:school_student_management_system:*:*:*:*:*:*:*:*) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10167",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T15:17:34.017062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T15:24:45.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ousl-group-brinarybrains:school_student_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"MY_Controller"
],
"product": "School Student Management System",
"vendor": "OUSL-GROUP-BrinaryBrains",
"versions": [
{
"status": "affected",
"version": "1e70e5ad1125b86dca4ee086eb6bb121f17708b6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Akirazz (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a manipulation of the argument role can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-31T03:30:09.909Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367421 | OUSL-GROUP-BrinaryBrains School Student Management System MY_Controller Login.php sign_auth_cookie improper authentication",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367421"
},
{
"name": "VDB-367421 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367421/cti"
},
{
"name": "Submit #819157 | OUSL-GROUP-BrinaryBrains School-Student-Management-System 1.0 Authentication Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/819157"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/OUSL-GROUP-BrinaryBrains/School-Student-Management-System/issues/24"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-30T11:36:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "OUSL-GROUP-BrinaryBrains School Student Management System MY_Controller Login.php sign_auth_cookie improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10167",
"datePublished": "2026-05-31T03:30:09.909Z",
"dateReserved": "2026-05-30T09:31:01.086Z",
"dateUpdated": "2026-06-01T15:24:45.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10243 (GCVE-0-2026-10243)
Vulnerability from cvelistv5 – Published: 2026-06-01 09:00 – Updated: 2026-06-01 15:23 – X_Freeware

| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367521 | vdb-entry |
| https://vuldb.com/vuln/367521/cti | signature, permissions-required |
| https://vuldb.com/cve/CVE-2026-10243 | third-party-advisory |
| https://vuldb.com/submit/823871 | third-party-advisory |
| https://github.com/Xmyronn/smart-parking-system-b… | exploit |
| https://code-projects.org/ | product |

| Vendor | Product | Version |
|---|---|---|
| code-projects | Smart Parking System | Affected: 1.0 (cpe:2.3:a:code-projects:smart_parking_system:*:*:*:*:*:*:*:*) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10243",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T15:00:26.860506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T15:23:18.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:code-projects:smart_parking_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Admin Endpoint"
],
"product": "Smart Parking System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "imad alvi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T09:00:13.192Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367521 | code-projects Smart Parking System Admin Endpoint missing authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/367521"
},
{
"name": "VDB-367521 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367521/cti"
},
{
"name": "CVE-2026-10243 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10243"
},
{
"name": "Submit #823871 | code-projects Smart Parking System In PHP With Source Code 1.0 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/823871"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Xmyronn/smart-parking-system-broken-access.git"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T12:17:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects Smart Parking System Admin Endpoint missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10243",
"datePublished": "2026-06-01T09:00:13.192Z",
"dateReserved": "2026-05-31T10:12:00.665Z",
"dateUpdated": "2026-06-01T15:23:18.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10281 (GCVE-0-2026-10281)
Vulnerability from cvelistv5 – Published: 2026-06-01 18:15 – Updated: 2026-06-01 21:19 – X_Open Source

| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367574 | vdb-entry, technical-description |
| https://vuldb.com/vuln/367574/cti | signature, permissions-required |
| https://vuldb.com/cve/CVE-2026-10281 | third-party-advisory |
| https://vuldb.com/submit/825429 | third-party-advisory |
| https://github.com/Enderfga/claw-orchestrator/issues/61 | exploit, issue-tracking |
| https://github.com/Enderfga/claw-orchestrator/com… | patch |
| https://github.com/Enderfga/claw-orchestrator/rel… | patch |
| https://github.com/Enderfga/claw-orchestrator/ | product |

| Vendor | Product | Version |
|---|---|---|
| Enderfga | claw-orchestrator | Affected: 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5; Unaffected: 3.5.6 (cpe:2.3:a:enderfga:claw-orchestrator:*:*:*:*:*:*:*:*) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10281",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T21:19:23.470661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:19:41.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:enderfga:claw-orchestrator:*:*:*:*:*:*:*:*"
],
"modules": [
"API Endpoint"
],
"product": "claw-orchestrator",
"vendor": "Enderfga",
"versions": [
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.5.3"
},
{
"status": "affected",
"version": "3.5.4"
},
{
"status": "affected",
"version": "3.5.5"
},
{
"status": "unaffected",
"version": "3.5.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ybdesire (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.5.6 mitigates this issue. Patch name: d0b02a800aa0689d9428cc4cc170e0b6589fb2c3. The affected component should be upgraded."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T18:15:10.669Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367574 | Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367574"
},
{
"name": "VDB-367574 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367574/cti"
},
{
"name": "CVE-2026-10281 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10281"
},
{
"name": "Submit #825429 | Enderfga claw-orchestrator v2.7.1-v3.5.5 Missing Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/825429"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Enderfga/claw-orchestrator/issues/61"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Enderfga/claw-orchestrator/commit/d0b02a800aa0689d9428cc4cc170e0b6589fb2c3"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Enderfga/claw-orchestrator/releases/tag/v3.5.6"
},
{
"tags": [
"product"
],
"url": "https://github.com/Enderfga/claw-orchestrator/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T18:23:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10281",
"datePublished": "2026-06-01T18:15:10.669Z",
"dateReserved": "2026-05-31T16:18:35.986Z",
"dateUpdated": "2026-06-01T21:19:41.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10283 (GCVE-0-2026-10283)
Vulnerability from cvelistv5 – Published: 2026-06-01 18:45 – Updated: 2026-06-02 12:41

| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367576 | vdb-entry |
| https://vuldb.com/vuln/367576/cti | signature, permissions-required |
| https://vuldb.com/cve/CVE-2026-10283 | third-party-advisory |
| https://vuldb.com/submit/825442 | third-party-advisory |
| https://vuldb.com/submit/825443 | third-party-advisory |
| https://github.com/Bottelet/DaybydayCRM/issues/348 | issue-tracking |
| https://github.com/Bottelet/DaybydayCRM/pull/363 | issue-tracking, patch |
| https://github.com/Bottelet/DaybydayCRM/ | product |

| Vendor | Product | Version |
|---|---|---|
| Bottelet | DaybydayCRM | Affected: 2.2.0, 2.2.1 (cpe:2.3:a:bottelet:daybydaycrm:*:*:*:*:*:*:*:*) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T12:41:33.871573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:41:42.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:bottelet:daybydaycrm:*:*:*:*:*:*:*:*"
],
"modules": [
"Setting Handler"
],
"product": "DaybydayCRM",
"vendor": "Bottelet",
"versions": [
{
"status": "affected",
"version": "2.2.0"
},
{
"status": "affected",
"version": "2.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mitchell_45 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T18:45:12.856Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367576 | Bottelet DaybydayCRM Setting missing authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/367576"
},
{
"name": "VDB-367576 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367576/cti"
},
{
"name": "CVE-2026-10283 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10283"
},
{
"name": "Submit #825442 | Bottelet DaybydayCRM \u003c= 2.2.1 Improper Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/825442"
},
{
"name": "Submit #825443 | Bottelet DaybydayCRM \u003c= 2.2.1 Mass Assignment (CWE-915) (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/825443"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Bottelet/DaybydayCRM/issues/348"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/Bottelet/DaybydayCRM/pull/363"
},
{
"tags": [
"product"
],
"url": "https://github.com/Bottelet/DaybydayCRM/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T18:31:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bottelet DaybydayCRM Setting missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10283",
"datePublished": "2026-06-01T18:45:12.856Z",
"dateReserved": "2026-05-31T16:25:59.369Z",
"dateUpdated": "2026-06-02T12:41:42.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10288 (GCVE-0-2026-10288)
Vulnerability from cvelistv5 – Published: 2026-06-01 20:00 – Updated: 2026-06-02 13:25 – X_Freeware – CWE-287 - Improper Authentication

| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367581 | vdb-entry, technical-description |
| https://vuldb.com/vuln/367581/cti | signature, permissions-required |
| https://vuldb.com/cve/CVE-2026-10288 | third-party-advisory |
| https://vuldb.com/submit/825786 | third-party-advisory |
| https://github.com/Xmyronn/Hotel-and-Tourism-Rese… | exploit |
| https://code-projects.org/ | product |

| Vendor | Product | Version |
|---|---|---|
| code-projects | Hotel and Tourism Reservation System | Affected: 1.0 (cpe:2.3:a:code-projects:hotel_and_tourism_reservation_system:*:*:*:*:*:*:*:*) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10288",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T13:25:34.803198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:25:49.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:code-projects:hotel_and_tourism_reservation_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Admin Login"
],
"product": "Hotel and Tourism Reservation System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "imad alvi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T20:00:11.320Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367581 | code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367581"
},
{
"name": "VDB-367581 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367581/cti"
},
{
"name": "CVE-2026-10288 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10288"
},
{
"name": "Submit #825786 | code-projects Hotel And Tourism Reservation In PHP With Source Code 1.0 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/825786"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Authentication-Bypass.git"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T18:45:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10288",
"datePublished": "2026-06-01T20:00:11.320Z",
"dateReserved": "2026-05-31T16:40:11.024Z",
"dateUpdated": "2026-06-02T13:25:49.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10548 (GCVE-0-2026-10548)
Vulnerability from cvelistv5 – Published: 2026-06-02 00:30 – Updated: 2026-06-03 13:53 - CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367645 | vdb-entry, technical-description |
| https://vuldb.com/vuln/367645/cti | signature, permissions-required |
| https://vuldb.com/cve/CVE-2026-10548 | third-party-advisory |
| https://vuldb.com/submit/822026 | third-party-advisory |
| https://gist.github.com/YLChen-007/caf38652afeccb… | exploit |
| Vendor | Product | Version | CPE |
|---|---|---|---|
| NousResearch | hermes-agent | Affected: 2026.4.0, 2026.4.1, 2026.4.2, 2026.4.3, 2026.4.4, 2026.4.5, 2026.4.6, 2026.4.7, 2026.4.8, 2026.4.9, 2026.4.10, 2026.4.11, 2026.4.12, 2026.4.13, 2026.4.14, 2026.4.15, 2026.4.16, 2026.4.17, 2026.4.18, 2026.4.19, 2026.4.20, 2026.4.21, 2026.4.22, 2026.4.23 | cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10548",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T13:52:49.345677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T13:53:36.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/822026"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
],
"modules": [
"Credential Pool Synchronization"
],
"product": "hermes-agent",
"vendor": "NousResearch",
"versions": [
{
"status": "affected",
"version": "2026.4.0"
},
{
"status": "affected",
"version": "2026.4.1"
},
{
"status": "affected",
"version": "2026.4.2"
},
{
"status": "affected",
"version": "2026.4.3"
},
{
"status": "affected",
"version": "2026.4.4"
},
{
"status": "affected",
"version": "2026.4.5"
},
{
"status": "affected",
"version": "2026.4.6"
},
{
"status": "affected",
"version": "2026.4.7"
},
{
"status": "affected",
"version": "2026.4.8"
},
{
"status": "affected",
"version": "2026.4.9"
},
{
"status": "affected",
"version": "2026.4.10"
},
{
"status": "affected",
"version": "2026.4.11"
},
{
"status": "affected",
"version": "2026.4.12"
},
{
"status": "affected",
"version": "2026.4.13"
},
{
"status": "affected",
"version": "2026.4.14"
},
{
"status": "affected",
"version": "2026.4.15"
},
{
"status": "affected",
"version": "2026.4.16"
},
{
"status": "affected",
"version": "2026.4.17"
},
{
"status": "affected",
"version": "2026.4.18"
},
{
"status": "affected",
"version": "2026.4.19"
},
{
"status": "affected",
"version": "2026.4.20"
},
{
"status": "affected",
"version": "2026.4.21"
},
{
"status": "affected",
"version": "2026.4.22"
},
{
"status": "affected",
"version": "2026.4.23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-j (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T00:30:09.704Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367645 | NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367645"
},
{
"name": "VDB-367645 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367645/cti"
},
{
"name": "CVE-2026-10548 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10548"
},
{
"name": "Submit #822026 | NousResearch hermes-agent \u003c= v2026.4.23 Improper Authentication (CWE-287)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/822026"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/YLChen-007/caf38652afeccbbd53a9d77152b6198d"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-01T15:33:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10548",
"datePublished": "2026-06-02T00:30:09.704Z",
"dateReserved": "2026-06-01T13:28:23.195Z",
"dateUpdated": "2026-06-03T13:53:36.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10611 (GCVE-0-2026-10611)
Vulnerability from cvelistv5 – Published: 2026-06-02 12:48 – Updated: 2026-06-02 16:05 - CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/MISP/MISP/commit/39b3cb15aac43… | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T16:05:11.918483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T16:05:19.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThanOrEqual": "2.5.38",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Capelli"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Luciano Righetti"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with \u003ccode\u003eLdapAuth.mixedAuth=true\u003c/code\u003e and \u003ccode\u003eSecurity.require_otp=true\u003c/code\u003e, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application \u003ccode\u003ebeforeFilter\u003c/code\u003e phase before the normal login flow enforces the OTP challenge.\u003c/p\u003e\u003cp\u003eAs a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code.\u003c/p\u003e\u003cp\u003eThe issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application beforeFilter phase before the normal login flow enforces the OTP challenge.\n\n\n\nAs a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code.\n\n\n\nThe issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:48:11.462Z",
"orgId": "5a6e4751-2f3f-4070-9419-94fb35b644e8",
"shortName": "CIRCL"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/MISP/MISP/commit/39b3cb15aac4318afdd2ab63b96c2eac12b271fe"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5a6e4751-2f3f-4070-9419-94fb35b644e8",
"assignerShortName": "CIRCL",
"cveId": "CVE-2026-10611",
"datePublished": "2026-06-02T12:48:11.462Z",
"dateReserved": "2026-06-02T12:45:39.824Z",
"dateUpdated": "2026-06-02T16:05:19.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10617 (GCVE-0-2026-10617)
Vulnerability from cvelistv5 – Published: 2026-06-02 19:00 – Updated: 2026-06-03 14:08
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367926 | vdb-entry, technical-description |
| https://vuldb.com/vuln/367926/cti | signature, permissions-required |
| https://vuldb.com/cve/CVE-2026-10617 | third-party-advisory |
| https://vuldb.com/submit/829421 | third-party-advisory |
| https://github.com/nextlevelbuilder/goclaw/issues/1134 | exploit, issue-tracking |
| https://github.com/nextlevelbuilder/goclaw/ | product |
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nextlevelbuilder | GoClaw | Affected: 3.11.0, 3.11.1, 3.11.2, 3.11.3 | cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10617",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T13:58:35.603066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T14:08:16.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:*"
],
"modules": [
"Webhook Verification Handler"
],
"product": "GoClaw",
"vendor": "nextlevelbuilder",
"versions": [
{
"status": "affected",
"version": "3.11.0"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.11.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-h (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T19:00:12.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367926 | nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367926"
},
{
"name": "VDB-367926 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367926/cti"
},
{
"name": "CVE-2026-10617 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10617"
},
{
"name": "Submit #829421 | nextlevelbuilder GoClaw \u003e= v2.8.1, \u003c= v3.11.3 Missing Authentication for Critical Function (CWE-306); Insufficient Verification of Data Authenticity (CWE-345)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/829421"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/nextlevelbuilder/goclaw/issues/1134"
},
{
"tags": [
"product"
],
"url": "https://github.com/nextlevelbuilder/goclaw/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-02T15:54:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10617",
"datePublished": "2026-06-02T19:00:12.000Z",
"dateReserved": "2026-06-02T13:49:15.773Z",
"dateUpdated": "2026-06-03T14:08:16.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principal or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST (REpresentational State Transfer)-style application's trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unauthorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability to execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.