PT-2026-45851

Name of the Vulnerable Software and Affected Versions sayan365 student-management-system versions prior to 7f3c9ce7d410332335c2affac93a385485051800 Description An issue in multiple endpoints allows for remote manipulation resulting in improper authentication. This occurs within an unknown functio...

Fedora 43 : perl-Catalyst-Plugin-Authentication (2026-af4f5feae8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-af4f5feae8 advisory. Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison...

Linux Kernel Improper Authentication Vulnerability

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 releaseagent feature...

Fedora 44 : perl-Catalyst-Plugin-Authentication (2026-26666575ae)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-26666575ae advisory. Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Exim vulnerability (USN-8353-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8353-1 advisory. Warisjeet Singh discovered that Exim with SUPPORTPROXY enabled did not properly handle memory before SMTP authentication. A remote...

WordPress plugin Wallet System for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Collibra Agent 安全漏洞

Collibra Agent is an enterprise-level data governance and data quality enforcement component developed by Collibra Corporation. There is a security vulnerability in Collibra Agent, which stems from improper authentication in the REST API. This vulnerability could allow unauthorized remote attacke...

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

CVE-2026-24090 Missing Authentication for Critical Function in HLOS

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow...

CVE-2026-24090 Missing Authentication for Critical Function in HLOS

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow...

CVE-2026-24088 Missing Authentication for Critical Function in Boot

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

CVE-2026-24088 Missing Authentication for Critical Function in Boot

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

CVE-2026-45690

A flaw was found in Nextcloud Server. This vulnerability allows a remote attacker, with knowledge of a user's password, to bypass two-factor authentication 2FA protections. When a user attempts to log in with valid credentials on a 2FA-enabled account, a temporary session token is generated befor...

CVE-2026-10167

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

CVE-2026-44847

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, , which Django REST Framework interprets as successful authentication...

CVE-2026-10288

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...

CVE-2026-40964

Cloud Foundry Foundation reports an Authentication Bypass in cf-auth-proxy that permits an unauthenticated remote attacker to read all logs and metrics for all apps and platform components by minting a JWT accepted as a valid logs.admin token. Affected: log-cache_release up to v3.2.6 (inclusive);...

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...