
29059 matches found

Nuclei
• added 13 hours ago • 24 views

SolarWinds Web Help Desk < 2026.1 - Unauthenticated JNDI Injection RCE

SolarWinds Web Help Desk before version 2026.1 contains an insecure deserialization vulnerability in the jabsorb JSON-RPC library. When chained with a CSRF whitelist bypass CVE-2025-40536, remote unauthenticated attackers can exploit JNDI injection via the Apache Xalan JNDIConnectionPool class to...

CVSS 9.8, AI score 8.6, EPSS 0.87872
Exploits: 4, References: 4
Positive Technologies
• added 17 hours ago • 3 views

PT-2026-48665

Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta session cookies and the identity “remember me” cookie were set without the Secure attribute. In deployments where users could...

CVSS 8.8, AI score 5.5
Exploits: 0, References: 4
Positive Technologies
• added 17 hours ago • 3 views

PT-2026-48668

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail id value...

CVSS 7.1, AI score 5.6
Exploits: 0, References: 4
Packet Storm
• added 17 hours ago • 0 views

MEmu Android Emulator 9.2.7.0 Privilege Escalation

MEmu Android Emulator version 9.2.7.0 suffers from a local privilege escalation vulnerability via insecure permissions. CVE-2026-36213 CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service Binary Permissions | Patched in 9.3.2 CVE-2026-36213 - MEmu...

AI score 5.4
Exploits: 0
Cvelist
• added yesterday • 25 views

CVE-2026-45563 Roxy-WI: IDOR - any authenticated user can read another user's full action history

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user - even a guest in an unrelated group -...

CVSS 4.3
Exploits: 0, References: 1
Vulnrichment
• added yesterday • 4 views

CVE-2026-45550 Roxy-WI: IDOR on PUT /smon/check - any user can rewrite any tenant's monitoring URL/IP/body

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check app/routes/smon/routes.py:117-138 gates only on roxywicommon.checkusergroupforflask - which validates that the caller has some group, not that the target checkid...

CVSS 9.1, AI score 5.7
Exploits: 0, References: 1
CVE
• added yesterday • 6 views

CVE-2026-53475

CVE-2026-53475 affects the assisted-migration-agent. The component hardcodes insecure TLS connections when communicating with vCenter, enabling a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials, potentially granting unauthorized access to vCenter. The ...

CVSS 9.3, AI score 5.4
Exploits: 0, References: 3
EUVD
• added yesterday • 5 views

EUVD-2026-36032

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to...

CVSS 9.3, AI score 5.4
Exploits: 0, References: 3
RedhatCVE
• added yesterday • 4 views

CVE-2026-53475

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to...

CVSS 9.3, AI score 5.4
Exploits: 0, References: 4
CVE
• added yesterday • 14 views

CVE-2026-11815

CVE-2026-11815 describes insecure deserialization via MITM between a client application and an API Gateway server, potentially allowing deserialization of arbitrary objects and leading to broken security expectations or remote code execution. The vulnerability is associated with the Layer 7 Polic...

CVSS 5.3, AI score 6, EPSS 0.00396
Exploits: 0, References: 1
Vulnrichment
• added yesterday • 3 views

CVE-2026-11815 Insecure Deserialization via MITM in Layer 7 Policy Manager

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

CVSS 5.3, AI score 6, EPSS 0.00396
Exploits: 0, References: 1
Cvelist
• added yesterday • 28 views

CVE-2026-11815 Insecure Deserialization via MITM in Layer 7 Policy Manager

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

CVSS 5.3, EPSS 0.00396
Exploits: 0, References: 1
RedhatCVE
• added yesterday • 4 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

CVSS 9.1, AI score 5.5, EPSS 0.00024
Exploits: 0, References: 1
OSV
• added yesterday • 5 views

MGASA-2026-0185 Updated minetest packages fix security vulnerabilities

Mod security sandbox escape. CVE-2026-40959 HTTP API and insecure environment access control bypass. CVE-2026-40960...

CVSS 9.3, AI score 5.4, EPSS 0.00006
Exploits: 0, References: 6
Redos
• added yesterday • 2 views

ROS-20260610-73-0007

The vulnerability in Thunderbird is related to the insecure management of privileges. Exploiting this vulnerability can allow an attacker to escalate their privileges...

CVSS 8.8, AI score 5.4, EPSS 0.00048
Exploits: 0
Positive Technologies
• added yesterday • 5 views

PT-2026-48448

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to...

CVSS 9.3, AI score 5.4
Exploits: 0, References: 4
Redos
• added yesterday • 2 views

ROS-20260610-73-0012

The vulnerability in Thunderbird is related to the insecure management of privileges. Exploiting this vulnerability can allow an attacker to escalate their privileges...

CVSS 8.8, AI score 5.5, EPSS 0.00048
Exploits: 0
Cvelist
• added 2 days ago • 25 views

CVE-2026-53673 BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a userid parameter in the request. Attackers can pass another user's identifier to the...

CVSS 8.6, EPSS 0.00022
Exploits: 0, References: 3
RedhatCVE
• added 2 days ago • 5 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

CVSS 2.1, AI score 5.2, EPSS 0.00047
Exploits: 0, References: 1
NVD
• added 2 days ago • 6 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

CVSS 9.1, EPSS 0.00024
Exploits: 0, References: 1