CVE-2026-48558 SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

PT-2026-48947

Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.15 and earlier SimpleHelp 6.0 pre-release versions Description An authentication bypass exists in the OIDC OpenID Connect authentication flow. When OIDC authentication is configured, identity tokens submitted during log...

EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2026-2397)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...

Linux Distros Unpatched Vulnerability : CVE-2026-9742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When OIDC authentication is enabled in configuration, clients may set specific values in the mechanism parameter of the authenticate command that lead to server...

MongoDB 8.2.x < 8.2.10 / 8.3.x < 8.3.3 Multiple Vulnerabilities

The version of MongoDB installed on the remote host is 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - When OIDC authentication is enabled in configuration, clients may set specific values in the 'mechanism' parameter of the 'authenticate'...

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to CRLF Injection due to Netty ( CVE-2026-41417 )

Summary IBM App Connect for Manufacturing is vulnerable to CRLF Injection due to Netty. Vulnerability Details CVEID:CVE-2026-41417 DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via...

Security Bulletin: IBM App Connect Enterprise is vulnerable to Incorrect Authorization and Middleware Bypass due to Node.js module @hono/node-server ( CVE-2026-29087 & CVE-2026-39406 )

Summary IBM App Connect Enterprise runtime is vulnerable to Incorrect Authorization and Middleware Bypass due to Node.js module @hono/node-server. Vulnerability Details CVEID:CVE-2026-29087 DESCRIPTION: @hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, wh...

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

CVE-2026-24066

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

CVE-2026-6090

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

CVE-2026-11956

CVE-2026-11956 affects TwiN gatus 5.36.0, specifically the OIDC Session Cookie Handler (setSessionCookie). The issue is a missing Secure attribute on the session cookie, enabling potential exposure of sensitive cookie data via remote manipulation. The description indicates high attack complexity ...

CVE-2026-11956 TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

CVE-2026-11956 TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

CVE-2026-9742

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

gatus 安全漏洞

Gatus is a service health monitoring and alerting tool developed by TwiN’s individual developers. Version 5.36.0 of Gatus contains a security vulnerability. This vulnerability stems from the setSessionCookie function in the OIDC session cookie handler. Performing certain operations may result in...

PT-2026-48659

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

CVE-2026-6090

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

EUVD-2026-36049

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

CVE-2026-6090

Lenovo Smart Connect for Windows is described as affected by CVE-2026-6090, a potential authentication bypass that could allow a local authenticated user to execute arbitrary code with elevated privileges. CVSS metrics show: CVSS v3.1 base score 7.0 (LOCAL, HIGH impact to Confidentiality/Integrit...