
160530 matches found

CNNVD
added 2026/06/09 12:0 a.m., 4 views

bookcars security vulnerability

Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains a security vulnerability. This vulnerability stems from the lack of encryption signature verification in the validateAccessToken function, which may allow attackers to bypass authentication...

CVSS 9.8 | AI score 5.3 | EPSS 0.00268
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/09 12:0 a.m., 8 views

PT-2026-47779

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

CVSS 4.9 | AI score 5.7 | EPSS 0.00335
Exploits: 0 | References: 4
CNNVD
added 2026/06/09 12:0 a.m., 6 views

MongoDB Server log information disclosure vulnerability

MongoDB Server is an open-source NoSQL database developed by MongoDB, a company based in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log...

CVSS 6.8 | AI score 5.4 | EPSS 0.00119
Exploits: 0 | References: 2
CNNVD
added 2026/06/09 12:0 a.m., 5 views

389 Directory Server numeric error vulnerability

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a numerical error vulnerability, which stems from the SMD5 password storage plugin executing an unsigned integer underflow when calculating...

CVSS 6.5 | AI score 5.5 | EPSS 0.00335
Exploits: 0 | References: 1
CNNVD
added 2026/06/09 12:0 a.m., 4 views

Tenda W15E security vulnerability

The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthWhiteID parameter within the formModifyWebAuthWhiteUser function, which could allow...

CVSS 7.5 | AI score 5.8 | EPSS 0.00309
Exploits: 0 | References: 1
CNNVD
added 2026/06/09 12:0 a.m., 4 views

WordPress plugin WPForms security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVSS 5.3 | AI score 5.6 | EPSS 0.00197
Exploits: 0 | References: 2
CVE
added 2026/06/09 12:0 a.m., 9 views

CVE-2026-36721

CVE-2026-36721 affects bookcars v8.3. The root cause is a lack of cryptographic signature verification in the validateAccessToken function, which enables attackers to bypass authentication via a forged JWT token. The CVE is rated with a high impact metric (CVSS v3.1: 9.8, Critical) across confide...

CVSS 9.8 | AI score 5.5 | EPSS 0.00268
Exploits: 0 | References: 1
CNNVD
added 2026/06/09 12:0 a.m., 5 views

Catalyst-Plugin-Authentication authorization issue vulnerability

Catalyst-Plugin-Authentication is an open-source authentication plugin framework developed by Catalyst. Versions of Catalyst-Plugin-Authentication prior to 0.10027 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the lack of automatic session ID changes after...

CVSS 9.1 | AI score 5.3 | EPSS 0.00396
Exploits: 0 | References: 1
CNNVD
added 2026/06/09 12:0 a.m., 6 views

NETGEAR multiple products input validation error vulnerability

NETGEAR RAX120 and other wireless routers are products of NETGEAR Corporation. Several NETGEAR products have a vulnerability related to input validation errors. This vulnerability stems from insufficient authentication and input validation, which may allow users with local network access to execu...

CVSS 8.3 | AI score 5.6 | EPSS 0.00277
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/09 12:0 a.m., 9 views

PT-2026-48167

Name of the Vulnerable Software and Affected Versions: bookcars version 8.3. Description: A lack of cryptographic signature verification in the validateAccessToken function allows attackers to bypass authentication by using a forged JSON Web Token (JWT), which is a compact, URL-safe means of...

CVSS 9.8 | AI score 5.2 | EPSS 0.00268
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/09 12:0 a.m., 6 views

PT-2026-47807

Name of the Vulnerable Software and Affected Versions: Ivanti Sentry versions prior to R10.5.2; Ivanti Sentry versions prior to R10.6.2; Ivanti Sentry versions prior to R10.7.1. Description: An authentication bypass allows a remote unauthenticated attacker to create arbitrary administrative accounts a...

CVSS 9.9 | AI score 6.2 | EPSS 0.04815
Exploits: 3 | References: 37
CNNVD
added 2026/06/09 12:0 a.m., 5 views

NETGEAR Routers input validation error vulnerability

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from insufficient authentication and input validation, which may allow unauthorized users on the local network to...

CVSS 7.7 | AI score 5.4 | EPSS 0.00211
Exploits: 0 | References: 1
Tenable Nessus
added 2026/06/09 12:0 a.m., 7 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2200)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the...

CVSS 6.5 | AI score 7.4 | EPSS 0.00333
Exploits: 2 | References: 4
Tenable Nessus
added 2026/06/09 12:0 a.m., 4 views

Fedora 43 : exim (2026-71b1e9b455)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-71b1e9b455 advisory. This is an update fixing a pre-authentication information disclosure CVE-2026-48840. Tenable has extracted the preceding description block directly from the...

CVSS 5.3 | AI score 5.5 | EPSS 0.00274
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/09 12:0 a.m., 6 views

Fedora 44 : exim (2026-78bf093219)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-78bf093219 advisory. This is an update fixing a pre-authentication information disclosure CVE-2026-48840. Tenable has extracted the preceding description block directly from the...

CVSS 5.3 | AI score 5.5 | EPSS 0.00274
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/09 12:0 a.m., 4 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2238)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the...

CVSS 6.5 | AI score 7.4 | EPSS 0.00333
Exploits: 2 | References: 4
Tenable Nessus
added 2026/06/09 12:0 a.m., 7 views

EulerOS 2.0 SP11 : cups (EulerOS-SA-2026-2199)

According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a...

CVSS 7.8 | AI score 6.3 | EPSS 0.00502
Exploits: 7 | References: 8
Packet Storm
added 2026/06/09 12:0 a.m., 37 views

Meta AI Information Disclosure

Meta AI has publicly accessible hosted files generated through the upload workflow that expose unsanitized object metadata through response headers. The exposed metadata contains uploader-associated information including public IP addresses and additional internal object properties. The issue...

AI score 5.5
Exploits: 0
RedhatCVE
added 2026/06/08 8:59 p.m., 8 views

CVE-2026-44422

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...

CVSS 8.8 | AI score 5.5 | EPSS 0.00252
Exploits: 1 | References: 1
GithubExploit
added 2026/06/08 8:43 p.m., 59 views

Exploit for CVE-2026-43512

CVE-2026-43512 — Apache Tomcat DIGEST Authentication Bypass...

CVSS 9.8 | AI score 7.8 | EPSS 0.00559
Exploits: 1