CVE-2026-56675: CWE-287: Improper Authentication in decolua 9router
9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-05-07 - Emergency
This emergency release introduces a new rule to detect Next.js App Router middleware and proxy bypass attempts via segment-prefetch routes (
Critical Undocumented Authentication Backdoor Found in Multiple Tenda Router Firmware Versions (CVE-2026-11405)
Tenda firmware (multiple versions) contains hidden authentication backdoor
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8562
A look at how Kubernetes CVE-2020-8562 allows attackers to bypass API server proxy protections using DNS rebinding
Critical Authentication Bypass Vulnerability Discovered in cPanel & WHM (CVE-2026-41940)
Hello! Yes, it's all a disaster again! Let's get this party started: 0:00 /0:12 1× No comments today, so imagine this: * We wrote something
watchTowr Labs·2mo agoCVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1
## Vulnerability Summary **Product**: Notepad++ v8.9.6.1 (latest patched version) **Type**: CWE-42 (Path Traversal) / CWE-59 (Improper Link
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication b

Comments
Sign in to join the conversation.
No comments yet. Be the first.