All CosmicBytez Labs articles tagged #Authorization Bypass, across news, security advisories, how-to guides, and projects.
A high-severity authorization bypass in Open WebUI prior to 0.9.5 allows authenticated users to attach arbitrary files to resources they do not own via...
CVE-2026-2347 is a CVSS 9.8 authorization bypass in Akilli's e-commerce platform, allowing attackers to hijack authenticated sessions by manipulating...
A CVSS 9.1 authorization bypass in InfusedWoo Pro for WordPress lets unauthenticated attackers permanently delete arbitrary data across all installations...
A critical CVSS 9.1 authorization bypass in the WordPress Create DB Tables plugin (all versions up to 1.2.1) allows unauthenticated users to create or...
A high-severity authorization bypass in SiYuan versions 3.6.3 and below allows attackers with RoleReader publish-service tokens to call a privileged...
An authorization flaw in Juju's Controller facade allows any authenticated low-privilege user to call the CloudSpec API and extract the cloud provider...
A high-severity authorization flaw in the ProfilePress WordPress plugin (up to v4.16.11) lets unauthenticated or low-privilege users bypass membership...
A critical CVSS 9.8 authorization bypass in OpenClaw's Zalouser allowlist mode matches mutable group display names instead of stable identifiers, letting...
A critical CVSS 9.8 authorization bypass in OpenClaw allows attackers to circumvent groupAllowFrom and requireMention protections in group chats by...
A critical CVSS 9.9 authorization bypass in OpenClaw allows authenticated users to self-declare elevated scopes over WebSocket connections without...
A critical (CVSS 9.6) authorization bypass vulnerability in the moodle-mod_customcert plugin allows any teacher with manage capability in a single course...