CVE-2026-11832 Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...

CVE-2026-49764

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

CVE-2026-49110

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...

CVE-2026-48970

Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...

CVE-2026-42752

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

CVE-2026-42743

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

CVE-2026-42668

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend = 1.18.0 versions...

CVE-2026-42411

Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...

CVE-2026-42378

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

CVE-2026-40799

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile = 1.38.0 versions...

CVE-2026-40781

Unauthenticated Broken Authentication in ReviewX = 2.3.6 versions...

CVE-2026-40785

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

CVE-2026-39450

Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...

Security Bulletin: MongoDB Enterprised Advanced affected by: Missing Critical Step in Authentication (CVE-2026-40542)

Summary There are vulnerabilities in httpclient5-5.6.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40542. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-40542 DESCRIPTION: Missing critical step in authentication in Apache HttpClient 5.6 allows an...

GHSA-6V32-FJC9-9QF6 Nest: Middleware Bypass on Fastify via Trailing Slash

Impact An authentication bypass vulnerability exists in @nestjs/platform-fastify confirmed on version 11.1.24, the latest available release at time of report. When middleware is registered through NestJS's MiddlewareConsumer.forRoutes API on the Fastify adapter, an unauthenticated client can bypa...

EUVD-2026-36888

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

CVE-2026-49764

CVE-2026-49764 concerns the WordPress plugin RegistrationMagic (≤ 6.0.8.6). The vulnerability is an unauthenticated broken authentication issue, exploitable over the network without user interaction. Affected component: RegistrationMagic core/plugin. Underlying impact per the metadata is high acr...

CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

CVE-2026-49110 WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...