NocoDB: Server-Side Request Forgery via Base Migration URL

Summary The base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse file:, ftp:, etc. and probing of internal HTTP destinations. Details The migrate endpoint is restricted to the workspace owner...

CVE-2026-54817 WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

EUVD-2026-37706

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

CVE-2026-55706

sppppapinput in sys/net/ifspppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths...

CVE-2026-54802

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

CVE-2026-54804

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

CVE-2026-49767

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

CVE-2026-49071

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

CVE-2026-48929

Rocket.Chat in versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any uploaded file by ID without requiring authentication. When called via an unauthenticated DDP WebSocket...

CVE-2026-42629

Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...

CVE-2026-25439

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

CVE-2026-12443

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-11858

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...

CVE-2026-49268

The CVE-2026-49268 issue affects Apache Shiro’s DefaultLdapRealm where user input is concatenated into the LDAP DN template without escaping RFC 2253 characters. This LDAP DN injection can alter the bind DN, potentially bypassing authentication or impersonating other users. Technical details conf...

EUVD-2026-37701

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

CVE-2026-49268 Apache Shiro: LDAP DN Injection in DefaultLdapRealm

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

Authentication Bypass

Spring Web Services is vulnerable to Authentication Bypass. The vulnerability is due to X509AuthenticationProvider issuing a fully authenticated X509AuthenticationToken based solely on certificate-to-user mapping, without enforcing standard account status checks such as disabled, locked, expired,...

CVE-2026-10839

CVE-2026-10839 describes an open redirect in the Password Manager authentication system. The vulnerability arises from manipulation of the X-Forwarded-Host header to alter generated URLs, potentially redirecting authenticated users to malicious sites after login. Impact is limited to confidential...