CVE-2026-44748 XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

PT-2026-47926

Name of the Vulnerable Software and Affected Versions Windows Cryptographic Services affected versions not specified Description Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally, which can affect the system. Recommendations At...

CVE-2026-36721

CVE-2026-36721 affects bookcars v8.3. The root cause is a lack of cryptographic signature verification in the validateAccessToken function, which enables attackers to bypass authentication via a forged JWT token. The CVE is rated with a high impact metric (CVSS v3.1: 9.8, Critical) across confide...

CVE-2026-36809

CVE-2026-36809 affects Shenzhen Tenda Technology Co., Ltd. Tenda W15E v15.11.0.10. A buffer overflow in the webAuthWhiteID parameter of the function formModifyWebAuthWhiteUser is described, enabling a Denial of Service via a crafted HTTP request. The documents do not provide exploit code, affecte...

PT-2026-47847

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl recv event parses Content-Length with atol and passes the result straight to mallocle...

PT-2026-48167

Name of the Vulnerable Software and Affected Versions bookcars version 8.3 Description A lack of cryptographic signature verification in the validateAccessToken function allows attackers to bypass authentication by using a forged JSON Web Token JWT, which is a compact, URL-safe means of...

CVE-2026-36808

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-48124

Name of the Vulnerable Software and Affected Versions Windows NTLM affected versions not specified Description Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an attacker to perform spoofing over a network, which can affect the system. Recommendations At the...

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

CVE-2026-36820

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36799

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-47830

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description PKCS12 file processing fails to perform sufficient input validation for files using the Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism. This allows an attacker to...

PT-2026-47842

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description When using the AES-OCB cipher with the one-shot EVP Cipher interface, the application-supplied initialisation vector IV is silently discarded. This causes every message encrypted with the sam...

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

PT-2026-47843

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.3 Description The implementations of AES-SIV and AES-GCM-SIV mishandle the authentication of Additional Authenticated Data AAD when the ciphertext is empty, which allows for the forgery of such messages. In the...

Tenda W15E 安全漏洞

The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the gotoUrl parameter of the formPortalAuth function, which could allow attackers to cause...

NETGEAR Routers 输入验证错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from insufficient authentication and input validation, which may allow unauthorized users on the local network to...

MongoDB Server 日志信息泄露漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a company based in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log...

Tenda W15E 安全漏洞

The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthWhiteID parameter within the formModifyWebAuthWhiteUser function, which could allow...

Tenda W15E 安全漏洞

The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthUserPwd parameter within the formModifyWebAuthUser function, which could allow...