PT-2026-49437

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

PT-2026-49228

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...

CVE-2026-36537

ThingsBoard 4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The vulnerability arises because the application trusts user-supplied identity data in the user parameter of the /login/oauth2/code/ endpoint; by manipulating the email field in that JSON, ...

CVE-2026-45389

Summary (OCaml-TLS CVE-2026-45389): OCaml-TLS versions before 2.1.0 fail to properly validate KeyUsage and ExtendedKeyUsage on client certificates during mutual TLS, allowing impersonation with certificates intended for server authentication. The issue arises in the server-side certificate valida...

PT-2026-49202

Name of the Vulnerable Software and Affected Versions ash authentication versions 0.1.0 through 4.13.x ash authentication versions 5.0.0-rc.0 through 5.0.0-rc.9 Description An authentication bypass by spoofing allows account takeover of local users during OAuth2 or OIDC sign-in. The issue occurs...

ROS-20260615-73-0035

The vulnerability of the rtsreadauthverifiernochecks function in the FreeRDP client is related to the insufficient use of the assert function. Exploiting this vulnerability could allow a malicious actor to cause service failures...

PT-2026-49435

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile = 1.38.0 versions...

PT-2026-49463

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

PT-2026-49496

Name of the Vulnerable Software and Affected Versions Really Simple SSL versions prior to 9.5.11 Description Broken authentication allows unauthenticated users to bypass security controls. Recommendations Update to version 9.5.11 or later...

PT-2026-49424

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

PT-2026-49287

Name of the Vulnerable Software and Affected Versions ThingsBoard version 4.3.0.1 Description An authentication bypass exists during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the '/login/oauth2/code/' endpoint...

PT-2026-49459

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend = 1.18.0 versions...

PT-2026-49510

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...

PT-2026-49422

Unauthenticated Broken Authentication in ReviewX = 2.3.6 versions...

CVE-2026-36537

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

PT-2026-49512

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

CVE-2026-45389

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

PT-2026-49470

Name of the Vulnerable Software and Affected Versions MultiJuicer versions 8.0.0 through 10.0.0 Description The team join endpoint 'POST /multi-juicer/api/teams/team/join' accepts requests with any Content-Type, including text/plain. Since this content type does not trigger a Cross-Origin Resourc...

CVE-2026-45389

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

PT-2026-49575

Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.14.1 Description The launch-editor NPM package allows the access of arbitrary paths, including Windows UNC Universal Naming Convention paths. On Windows systems, accessing a UNC path triggers an automatic NTLM...