CVE-2026-0265 Vulnerability Assessment Tool

CVE-2026-0265 is a remote authentication bypass affecting PAN-OS and Panorama that triggers when an authentication profile uses Cloud Authentication Service CAS. This tool safely detects whether an instance is vulnerable without authenticating any session or modifying any state...

PT-2026-43070

Name of the Vulnerable Software and Affected Versions hackney versions 2.0.0 through 4.0.0 Description The WebSocket client in src/hackney ws.erl lacks upper bounds on memory consumption across three code paths, allowing for flooding. First, the read handshake response/3 function accumulates...

PT-2026-43123

Name of the Vulnerable Software and Affected Versions PuTTY versions 0.77 through 0.83 Description The software uses a copy of the PuTTY icon to indicate trust for TELNET data. However, the trust status is not cleared between the proxy authentication phase and the main session, which may lead to...

PuTTY 安全漏洞

PuTTY is a suite of free Telnet, Rlogin and SSH client software from the individual developer Simon Tatham. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions prior to 0.84 that stems from using a copy of the PuTTY icon as ...

PT-2026-43231

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is characterized by scalability and dynamic monitoring. Apache Airflow suffers from a security vulnerability that stems from...

PT-2026-43147

Name of the Vulnerable Software and Affected Versions Stripe Payment Gateway for WooCommerce versions prior to 5.0.8 Description An authentication bypass using an alternate path or channel exists in the ThemeHigh Stripe Payment Gateway for WooCommerce, which allows for password recovery...

Collectric CMU SQL注入漏洞

The Collectric CMU is a smart meter device from Collectric in the Netherlands that supports power metering with supporting communication extensions. A SQL injection vulnerability exists in Collectric CMU version 1.0, which stems from the presence of Boolean-based blind SQL injection in the lang...

Roundcube Webmail SQL注入漏洞

Roundcube Webmail is Roundcube open source a browser-based open source IMAP client, which supports address book management, message search, spell checking and so on. Roundcube Webmail 1.6.x versions prior to 1.6.16 and 1.7.x versions prior to 1.7.1 SQL injection vulnerability , the vulnerability...

PT-2026-43214

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...

PT-2026-43110

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x through 1.7.0 Description An issue allows pre-authentication arbitrary file deletion through a session poisoning bypass when using redis or memcache. Session...

Soroush IM Desktop App 安全漏洞

Soroush IM Desktop App is a cross-platform instant messaging client from Soroush Iran. A security vulnerability exists in Soroush IM Desktop App version 0.17.0, which stems from an authentication bypass that could allow a local attacker to remove passwords by injecting database entries that are...

PT-2026-43045

Name of the Vulnerable Software and Affected Versions Szafir SDK versions prior to 463 Description The software returns a success status code from the cryptographic digital signature verification process when the trust status of the signer's certificate cannot be established. Specifically, the pa...

Linux Distros Unpatched Vulnerability : CVE-2026-39828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially droppin...

PT-2026-43033

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-fab versions prior to 3.6.4 Description Apache Airflow FAB Auth Manager is subject to an LDAP filter injection, which occurs when user-supplied input is improperly sanitized before being used in an LDAP filter. This...

CVE-2026-9398

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

CVE-2026-9398

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

CVE-2026-9398

The CVE-2026-9398 entry concerns Besen BS20 EV Charging Station with a flaw in the BLE/WiFi authentication that enables bypass via capture-replay. Affected component: BLE/WiFi, within the Besen BS20 line up to 20260426. The attack must originate from the local network; exploitation is described a...

CVE-2026-9398 Besen BS20 EV Charging Station BLE/WiFi authentication replay

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

CVE-2026-9398 Besen BS20 EV Charging Station BLE/WiFi authentication replay

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...