CVE-2026-35563 Apache Directory LDAP API: LDAP client implementation does not verify if the server certificate matches the intended LDAP hostname

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from missing identity verification mechanisms, which could allow unauthorized access to internal site structure data...

OPPO O+ Connect 安全漏洞

OPPO O+ Connect is a multi-device connectivity and data collaboration platform developed by OPPO Corporation in China. There is a security vulnerability in OPPO O+ Connect, which stems from the failure to verify the identity of the caller on the pipeline interface, potentially leading to an...

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes features such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there were...

CVE-2026-42303 Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection

Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was...

CVE-2026-42303 Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection

Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was...

CVE-2026-42303

CVE-2026-42303 affects Fides (privacy engineering platform). From version 2.75.0 up to, but not including, 2.83.2, deployments that enable both subject identity verification and duplicate privacy request detection are vulnerable to an administrator approving a privacy request whose identity was n...

Admidio 授权问题漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was an authorization vulnerability. This vulnerability stemmed...

Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection

Summary Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletio...

GHSA-QX5F-GHC2-7G5C Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection

Summary Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletio...

PT-2026-37261

Name of the Vulnerable Software and Affected Versions Fides versions 2.75.0 through 2.83.1 Description Deployments that enable both subject identity verification and duplicate privacy request detection are susceptible to an issue where an administrator can approve a privacy request without the...

EUVD-2026-22824

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress plugin Age Verification & Identity Verification by Token of Trust 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-32999

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for...

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesi...

Synopsys Coverity Connect 安全漏洞

Synopsys Coverity Connect is a web-based platform provided by Synopsys, Inc. It primarily consists of static code analysis tools and dynamic code analysis tools. Synopsys Coverity Connect has security vulnerabilities; one of these vulnerabilities stems from the identity verification logic in the...

IGL-Technologies eParking.fi 安全漏洞

IGL-Technologies eParking.fi is an intelligent parking platform provided by IGL-Technologies, offering features for parking management, charging, and parking space monitoring. IGL-Technologies eParking.fi has a security vulnerability, as the identity verification identifier of the charging statio...

EUVD-2026-13253

OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.6.0-alpha.13 and 8.6.39. These vulnerabilities stemmed from the OAuth2 authentication...

Parse Server 授权问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.9 and 8.6.22 contain authorization vulnerabilities. This vulnerability stems from the OAuth2 authentication adapter not...