161337 matches found

CNNVD
added 2026/06/02 12:0 a.m., 7 views

WordPress plugin Really Simple Security security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00236
Exploits: 0, References: 1

CNNVD
added 2026/06/02 12:0 a.m., 8 views

Student-Management-System authorization issue vulnerability

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability in the student-management-system’s authorization mechanism; this vulnerability stems from improper authentication of unknown functions, which may lead to remote attac...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00498
Exploits: 0, References: 12

CNNVD
added 2026/06/02 12:0 a.m., 4 views

Collibra Agent security vulnerability

Collibra Agent is an enterprise-level data governance and data quality enforcement component developed by Collibra Corporation. There is a security vulnerability in Collibra Agent, which stems from improper authentication in the REST API. This vulnerability could allow unauthorized remote attacke...

CVSS: 8.2, AI score: 5.5, EPSS: 0.00442
Exploits: 0, References: 2

Positive Technologies
added 2026/06/02 12:0 a.m., 16 views

PT-2026-45746

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...

AI score: 5.8, EPSS: 0.00442
Exploits: 0, References: 3

Positive Technologies
added 2026/06/02 12:0 a.m., 14 views

PT-2026-45744

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require otp=true, users authenticated through an authentication plugin, such as LDAP, may have their...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00353
Exploits: 0, References: 2

Positive Technologies
added 2026/06/02 12:0 a.m., 12 views

PT-2026-45833

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.12.5; authentik versions prior to 2026.2.3. Description: The SAML source response processor ResponseProcessor.parse fails to validate the Conditions element on assertions. Specifically, NotBefore, NotOnOrAfter, an...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00169
Exploits: 0, References: 3

Positive Technologies
added 2026/06/02 12:0 a.m., 16 views

PT-2026-45821

Name of the Vulnerable Software and Affected Versions: GoClaw versions prior to 3.11.4. Description: An issue in the Webhook Verification Handler component allows for missing authentication. This occurs within the resolveAuth function located in the internal/http/auth.go file, enabling remote...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00399
Exploits: 0, References: 8

CNNVD
added 2026/06/02 12:0 a.m., 7 views

OpenClaude security vulnerability

OpenClaude is an open-source coding assistant CLI developed by Gitlawb. Versions of OpenClaude prior to 0.5.1 contained security vulnerabilities. These vulnerabilities were due to logical flaws in the conditional order logic within the MCP authentication process, allowing attackers to completely...

CVSS: 6.5, AI score: 5.4, EPSS: 0.00219
Exploits: 1, References: 3

CNNVD
added 2026/06/02 12:0 a.m., 5 views

Protocol authorization issue vulnerability

Protocol is a multi-version Minecraft support protocol library developed by Cloudburst. Versions of Protocol prior to 3.0.0.Beta12-20260420.182526-15 contained vulnerabilities related to authorization issues. These vulnerabilities stemmed from a lack of verification for FULL type authentication...

CVSS: 5.3, AI score: 5.3, EPSS: 0.0014
Exploits: 0, References: 1

CNNVD
added 2026/06/02 12:0 a.m., 6 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from insufficient policy enforcement in the password manager. A remote attacker could exploit this vulnerability by using a...

CVSS: 6.5, AI score: 5.4, EPSS: 0.00216
Exploits: 0, References: 3

Tenable Nessus
added 2026/06/02 12:0 a.m., 11 views

Fedora 43 : perl-Catalyst-Plugin-Authentication (2026-af4f5feae8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-af4f5feae8 advisory. Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison...

CVSS: 5.1, AI score: 5.8, EPSS: 0.00196
Exploits: 0, References: 2

CISA KEV Catalog
added 2026/06/02 12:0 a.m., 13 views

Linux Kernel Improper Authentication Vulnerability

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature...

CVSS: 7.8, AI score: 7, EPSS: 0.05528
In wild, Exploits: 12

NVD
added 2026/06/01 10:16 p.m., 11 views

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

CVSS: 7.5, EPSS: 0.00393
Exploits: 0, References: 1

Vulnrichment
added 2026/06/01 10:5 p.m., 10 views

CVE-2026-24090 Missing Authentication for Critical Function in HLOS

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00062
Exploits: 0, References: 1

Cvelist
added 2026/06/01 10:5 p.m., 32 views

CVE-2026-24090 Missing Authentication for Critical Function in HLOS

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow...

CVSS: 7.1, EPSS: 0.00062
Exploits: 0, References: 1

Cvelist
added 2026/06/01 10:5 p.m., 30 views

CVE-2026-24088 Missing Authentication for Critical Function in Boot

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

CVSS: 8.2, EPSS: 0.00071
Exploits: 0, References: 1

Vulnrichment
added 2026/06/01 10:5 p.m., 10 views

CVE-2026-24088 Missing Authentication for Critical Function in Boot

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00071
Exploits: 0, References: 1

RedhatCVE
added 2026/06/01 10:4 p.m., 10 views

CVE-2026-45690

A flaw was found in Nextcloud Server. This vulnerability allows a remote attacker, with knowledge of a user's password, to bypass two-factor authentication (2FA) protections. When a user attempts to log in with valid credentials on a 2FA-enabled account, a temporary session token is generated befor...

CVSS: 5.9, AI score: 5.7, EPSS: 0.0029
Exploits: 0, References: 2

RedhatCVE
added 2026/06/01 10:3 p.m., 12 views

CVE-2026-10167

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00409
Exploits: 0, References: 1

RedhatCVE
added 2026/06/01 10:3 p.m., 11 views

CVE-2026-44847

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, which Django REST Framework interprets as successful authentication...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00271
Exploits: 0, References: 1