PT-2026-50131

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

PT-2026-49727

Name of the Vulnerable Software and Affected Versions Perry versions prior to 0.5.1166 Description An issue in the JWT validation process allows remote attackers to bypass token expiration. This occurs because the verify decode helper within the stdlib JWT verification path unconditionally sets...

PT-2026-50144

Name of the Vulnerable Software and Affected Versions vLLM versions 0.3.0 through 0.21.0 Description An authentication bypass exists in the OpenAI API AuthenticationMiddleware due to improper trust in the reconstructed URL path from the ASGI scope. The url path is derived from a URL object...

PT-2026-49884

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

PT-2026-49827

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The device features a webserver that exposes a REST API authenticated via a token on the management network. An authenticated attacker can exploit an OS command...

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Authentication, Insertion of Sensitive Information into Log File, Improper Encoding or Escaping of Output (CVE-2026-34500, CVE-2026-34487, CVE-2026-34483)

Summary There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34500, CVE-2026-34487, CVE-2026-34483. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34483 DESCRIPTION: Improper Encoding or Escaping...

Security Bulletin: MongoDB Enterprised Advanced affected by: Authentication Bypass Using an Alternate Path or Channel (CVE-2026-22731, CVE-2026-22733)

Summary There are vulnerabilities in spring-boot-actuator-autoconfigure-3.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22731, CVE-2026-22733. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with...

EUVD-2026-36987

Unauthenticated Broken Authentication in ReviewX = 2.3.6 versions...

EUVD-2026-36989

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

EUVD-2026-36929

Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...

EUVD-2026-36764

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...

EUVD-2026-36765

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

EUVD-2026-36747

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

EUVD-2026-36748

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

CVE-2026-11832 Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...

CVE-2026-49764

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

CVE-2026-49110

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...

CVE-2026-48970

Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...

CVE-2026-42752

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

CVE-2026-42743

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...