EUVD-2026-31890
Insufficient state checks lead to a vector that allows bypassing 2FA checks...
EUVD-2026-31883
Insufficient state checks lead to a vector that allows bypassing 2FA checks...
CVE-2026-48897 Joomla! Core - [20260512] - MFA Authentication Bypass
Insufficient state checks lead to a vector that allows bypassing 2FA checks...
CVE-2026-48897
Insufficient state checks lead to a vector that allows bypassing 2FA checks...
CVE-2026-45721
CVE-2026-45721 (Algernon) describes a pre-auth remote code execution in Algernon web server prior to version 1.17.7. When a request targets a directory without an index, DirPage behavior walks upward through parent directories past the configured server root in search of a file named handler.lua....
EUVD-2026-31867
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute a...
CVE-2025-36221 Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...
EUVD-2025-209932
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...
CVE-2025-36221
Summary: CVE-2025-36221 affects IBM Cloud Pak for Data System – Cyclops 11.3.0.2 with Interim Fix 002. The root cause is the use of default passwords from the manufacturing process during installation, which could allow an attacker to bypass authentication. Impact (as documented): Authentication ...
CVE-2025-36221
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...
JLSEC-2026-518
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...
JLSEC-2026-522
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances...
CVE-2026-7310
A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful...
CVE-2026-48133
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway...
CVE-2026-9373
A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this...
CVE-2026-47280
Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-33843
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-39968
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...