CVE-2026-44279
An improper export of Android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow an attacker to disclose information via an exported Content Provider URI...
CVE-2026-44279
CVE-2026-44279 concerns an improper export of Android app components in Fortinet FortiTokenAndroid across versions 6.2, 6.1, and 5.2. The issue enables improper access control via an unspecified attack vector, with a CVSS v3.1 base score of 5.5 (Medium) and a LOCAL attack vector requiring LOW pri...
CVE-2026-44277
An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via crafted requests...
CVE-2026-44277
An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via...
CVE-2026-44277
Affected vendor/product: Fortinet FortiAuthenticator. Versions affected: 8.0.2, 8.0.0, 6.6.0–6.6.8, 6.5.0–6.5.6. Vulnerability type: improper access control. Impact: may allow an attacker to execute unauthorized code or commands via an attack vector (not specified in the provided documents). ...
CVE-2026-20887
Intel Vision software (all Ring 3 versions) is affected by CVE-2026-20887 due to improper access control. An unprivileged, unauthenticated attacker could trigger a low-complexity remote attack over the network to achieve remote code execution, with potential impacts to confidentiality (HIGH), and...
CVE-2026-20887
Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially...
CVE-2026-25431 WordPress Hustle plugin <= 7.8.10.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1...
CVE-2026-25431
CVE-2026-25431 affects the WordPress Hustle plugin (
WordPress Hustle plugin <= 7.8.10.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Hustle versions <= 7.8.10.1...
CVE-2026-43992
The CVE describes a vulnerability in JunoClaw where, prior to version 0.x.y-security-1, MCP write tools (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted a mnemonic: string parameter, causing the BIP-39 seed to be embedded in the LLM tool-call JSON. T...
EUVD-2026-29487
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
WordPress AWP Classifieds plugin <= 4.4.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by she11f in WordPress Plugin AWP Classifieds versions <= 4.4.5...
Improper Check for Unusual or Exceptional Conditions
Overview: protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions when handling field names containing control characters in schemas or JSON descriptors. An attacker can cause runtime erro...
protobuf.js: Denial of service from crafted field names in generated code
Summary: protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated function bodies. A crafted schema or JSON descriptor could therefore cause generated encode,...