161225 matches found

HackRead
added 2026/05/15 10:30 a.m. | 9 views

CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions

Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts...

AI score: 5.9
Exploits: 0
Veracode
added 2026/05/15 10:15 a.m. | 12 views

Authentication Bypass

Unity Catalog is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the iss claim in JWT tokens, where the token exchange endpoint dynamically fetches JWKS data based on attacker-controlled issuer values without verifying trusted identity providers, allowing...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00183
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/05/15 9:58 a.m. | 15 views

WordPress Receive Notifications After Form Submitting – Form Notify for Any Forms plugin <= 1.1.10 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Receive Notifications After Form Submitting – Form Notify for Any Forms versions <= 1.1.10...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.0073
Exploits: 1 | References: 1 | Affected Software: 1
Veracode
added 2026/05/15 9:49 a.m. | 11 views

Improper Authentication

github.com/openbao/openbao is vulnerable to improper authentication. The vulnerability is due to missing user confirmation during JWT/OIDC authentication when using callbackmode=direct, which allows an attacker to initiate a malicious authentication request and trick a victim into automatically...

CVSS: 9.6 | AI score: 6.4 | EPSS: 0.0037
Exploits: 0 | References: 4 | Affected Software: 1
Nextcloud
added 2026/05/15 9:41 a.m. | 12 views

Two-Factor Authentication Bypass via Pending Session Token Replay

None...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.0029
Exploits: 0 | References: 2 | Affected Software: 1
GithubExploit
added 2026/05/15 9:35 a.m. | 108 views

Exploit for CVE-2026-8181

EN: Controlled PoC and brief technical notes for authorized secu...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.14608
Exploits: 10
NVD
added 2026/05/15 9:16 a.m. | 29 views

CVE-2026-5229

The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email...

CVSS: 9.8 | EPSS: 0.0073
Exploits: 1 | References: 10
Veracode
added 2026/05/15 9:8 a.m. | 8 views

Improper Authentication

auth is vulnerable to Improper Authentication. The vulnerability is due to incorrect mapping of all Patreon OAuth accounts to the same local user ID, which allows an attacker to gain unauthorized access through account merging and privilege confusion...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00417
Exploits: 0 | References: 6 | Affected Software: 2
GithubExploit
added 2026/05/15 8:43 a.m. | 76 views

Exploit for Insecure Default Initialization of Resource in Praison Praisonai

CVE-2026-44338 PraisonAI Authentication Bypass Lab Local Dock...

CVSS: 7.3 | AI score: 6.1 | EPSS: 0.26799
Exploits: 3
NCSC
added 2026/05/15 8:19 a.m. | 16 views

Vulnerabilities found in Cisco Catalyst SD-WAN Controllers and Managers

Cisco has identified vulnerabilities in the Catalyst SD-WAN Controller and Manager products. Cisco has uncovered four vulnerabilities in these products. These vulnerabilities involve XXE injection, privilege escalation, and authentication bypass. The authentication bypass vulnerability resides in...

CVSS: 10 | AI score: 6 | EPSS: 0.87693
Exploits: 4 | References: 2
Microsoft CVE
added 2026/05/15 8:2 a.m. | 10 views

Gnutls: gnutls: authentication bypass via nul character in username

...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00965
Exploits: 0
SUSE Linux
added 2026/05/15 7:50 a.m. | 12 views

Security update for firebird

This update for firebird fixes the following issues CVE-2025-65104: Information leak vulnerability in firebird3 client when used with newer = 4 server bsc1262330. CVE-2026-27890: Pre-Auth DOS bsc1262328. CVE-2026-28212: One packet DoS bsc1262329. CVE-2026-28214: Server hangs when using specific...

CVSS: 9.9 | AI score: 5.9 | EPSS: 0.01133
Exploits: 8 | References: 36
OSV
added 2026/05/15 7:50 a.m. | 6 views

SUSE-SU-2026:1868-1 Security update for firebird

This update for firebird fixes the following issues - CVE-2025-65104: Information leak vulnerability in firebird3 client when used with newer = 4 server bsc1262330. - CVE-2026-27890: Pre-Auth DOS bsc1262328. - CVE-2026-28212: One packet DoS bsc1262329. - CVE-2026-28214: Server hangs when using...

CVSS: 9.9 | AI score: 5.9 | EPSS: 0.01133
Exploits: 8 | References: 19
ATTACKERKB
added 2026/05/15 7:46 a.m. | 7 views

CVE-2026-5229

The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.0073
Exploits: 1 | References: 11
Vulnrichment
added 2026/05/15 7:46 a.m. | 14 views

CVE-2026-5229 Receive Notifications After Form Submitting – Form Notify for Any Forms <= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback

The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.0073
Exploits: 1 | References: 10
EUVD
added 2026/05/15 7:46 a.m. | 9 views

EUVD-2026-30516

The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.0073
Exploits: 1 | References: 10
CVE
added 2026/05/15 7:46 a.m. | 24 views

CVE-2026-5229

The Form Notify plugin for WordPress is vulnerable to an Authentication Bypass in versions up to 1.1.10 due to trusting user-controlled cookie data to select the WordPress account after a LINE OAuth login. If LINE omits an email address, the plugin uses the 'form_notify_line_email' cookie without...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.0073
Exploits: 1 | References: 10
Cvelist
added 2026/05/15 7:46 a.m. | 46 views

CVE-2026-5229 Receive Notifications After Form Submitting – Form Notify for Any Forms <= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback

The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email...

CVSS: 9.8 | EPSS: 0.0073
Exploits: 1 | References: 10
Snyk
added 2026/05/15 6:17 a.m. | 7 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the findfastapivalidator function. An attacker can gain unauthorized access to sensitive API endpoints by sending requests to non-/gateway/ paths when the server is started with authenticati...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.01502
Exploits: 1 | References: 2
Snyk
added 2026/05/15 6:17 a.m. | 9 views

Authentication Bypass by Primary Weakness

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.01502
Exploits: 1 | References: 2