CVE-2026-11535

An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device...

CVE-2026-11535

CVE-2026-11535 affects the PcSuite APP. The connected documents describe an authentication mechanism defect in PcSuite that can allow information leakage within Bluetooth range, leading to unauthorized access to victim devices. The NVD and CVE listings repeat the same description of unauthorized ...

CVE-2026-48611

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...

SUSE CVE-2026-10143

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

SUSE CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

EUVD-2026-36380

Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover...

CVE-2026-48611

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...

CVE-2026-48611

CVE-2026-48611 describes improper authentication checks in an OAuth implementation that can allow account hijacking even when OAuth is not configured or enabled, leading to unauthorized access in default installations. The public records do not specify targeted products, versions, vendor names, o...

CVE-2026-48611

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...

CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

CVE-2026-11933

Technical details (affected products, versions, root cause, and remediation) are not publicly available in the provided documents. Please monitor for updates.

Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

PT-2026-48947

Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.15 and earlier SimpleHelp 6.0 pre-release versions Description An authentication bypass exists in the OIDC OpenID Connect authentication flow. When OIDC authentication is configured, identity tokens submitted during log...

PT-2026-48958

Name of the Vulnerable Software and Affected Versions Naxclow affected versions not specified Description The platform API that returns device relay registration details fails to verify if the requester is the legitimate device or owner, exposing a persistent credential. An actor capable of...

PT-2026-48906

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

PT-2026-48918

Name of the Vulnerable Software and Affected Versions Related Marketing Cloud RMC versions prior to 12052026 Description An authentication bypass by spoofing issue in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud RMC allows for brute force attacks. Recommendations...

PT-2026-48940

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the manage secure connections permission to obtain remote cluster authentication tokens via a PATCH request to the...

PT-2026-48855

The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information...

PT-2026-49051

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

PT-2026-49007

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authorization flaw exists in the object add/edit handling. An authenticated user with object editing permissions can assign a MISP object, or attributes within an object, to a sharing group...