Apache Tomcat: Apache Tomcat: Authentication bypass due to CLIENT_CERT soft fail misconfiguration

A flaw was found in Apache Tomcat and Apache Tomcat Native. When CLIENTCERT authentication is configured with "soft fail" disabled, the authentication process may not correctly fail in certain scenarios. This vulnerability could allow an attacker to bypass expected client certificate...

EUVD-2026-31008

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

Unity Linux 20.1060e / 20.1070e Security Update: haproxy (UTSA-2026-017423)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017423 advisory. An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by...

CVE-2026-22754

A flaw was found in Spring Security. When an application uses to define authorization rules, the servlet path may not be correctly included in the path matcher. This oversight can lead to an authorization bypass, allowing a remote attacker to access protected resources without proper authenticati...

CVE-2026-5749

CVE-2026-5749 concerns Fullstep V5, where inadequate access control in the registration flow could let unauthenticated users obtain a valid JWT token to access authenticated API resources. This could compromise confidentiality of affected resources when a valid token is presented. The CVSS 4.0 ba...

Fullstep 访问控制错误漏洞

Fullstep is a corporate procurement and supply chain management platform developed by Fullstep Inc. The Fullstep V5 version contains an access control vulnerability. This vulnerability stems from insufficient access control during the registration process, allowing unauthenticated users to obtain...

OAuth2 Proxy 安全漏洞

OAuth2 Proxy is a product developed by OAuth2 Proxy organization that can provide a reverse proxy for authentication with Google, Github, or other providers. Versions 7.5.0 to 7.15.1 of OAuth2 Proxy have security vulnerabilities. These vulnerabilities stem from configuration-related authenticatio...

PT-2026-34332

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...

CVE-2025-12624

Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security...

PT-2026-33306

Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security...

CVE-2026-0234

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources...

CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources...

CVE-2026-0234

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources...

CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources...

CVE-2026-0234

CVE-2026-0234 affects Cortex XSOAR and Cortex XSIAM in the Microsoft Teams integration. The vulnerability arises from improper verification of cryptographic signatures, allowing an unauthenticated actor to access and modify protected resources. Technical details in PT-Security and vendor advisori...

Palo Alto Networks Cortex XSOAR 安全漏洞

Palo Alto Networks Cortex XSOAR is an application software developed by Palo Alto Networks in the United States. It provides a security orchestration, automation, and response platform, along with threat intelligence management and a built-in marketplace. There are security vulnerabilities in Pal...

CVE-2026-35617

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass in Google Chat group policy execution. Attackers could rebind policies by...

EUVD-2026-14389

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

CVE-2026-4628

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...