791 matches found
CVE-2026-8396
Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...
CVE-2026-8396
CVE-2026-8396 is an XML external entity (XXE) vulnerability in NetGIS from Netcad Software Inc. The issue arises from an improper restriction of XML external entity references, enabling Serialized Data External Linking. Affected products/versions: NetGIS 5.0.66 through before 7.2.2 (i.e., 5.0.66 ...
CVE-2026-8396 XXE in Netcad's NetGIS
Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...
EUVD-2026-45165
Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...
PT-2026-60743
Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...
CVE-2026-53516
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the OAuth provider asserts emailverified: true without requiring the local user row's emailVerified...
CVE-2026-53513
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...
CVE-2026-53513 Better Auth: Server-side request forgery via unvalidated OIDC endpoints on @better-auth/sso provider registration
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...
CVE-2026-53513
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...
EUVD-2026-44733
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...
CVE-2026-53516
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the OAuth provider asserts emailverified: true without requiring the local user row's emailVerified...
CVE-2026-50686
Access of resource using incompatible type 'type confusion' in Windows OLE allows an unauthorized attacker to execute code over a network...
CVE-2026-50686 Windows OLE Remote Code Execution Vulnerability
...
CVE-2026-50686
CVE-2026-50686 is a Windows OLE remote code execution vulnerability caused by a type confusion in resource access. It enables network-exposed code execution without authentication and is documented with CVSS v3.1 base score 8.1 (High). Public references identify the affected area as Windows OLE, ...
CVE-2026-50344 Windows OLE Elevation of Privilege Vulnerability
...
CVE-2026-50344 Windows OLE Elevation of Privilege Vulnerability
...
CVE-2026-50344
CVE-2026-50344 corresponds to an Windows OLE elevation-of-privilege vulnerability. Description from sources: “Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally.” Exploitation details are not provided beyond that this is a local privilege escalation ...
Windows OLE Remote Code Execution Vulnerability
Access of resource using incompatible type 'type confusion' in Windows OLE allows an unauthorized attacker to execute code over a network...
Windows OLE Elevation of Privilege Vulnerability
Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally...
PT-2026-58332
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description Improper authorization in Windows OLE Object Linking and Embedding, a framework that allows embedding documents and other objects in one application within another application allows an...