CVE-2026-34736

Open edX Platform experiened an account-activation bypass vulnerability (CVE-2026-34736). In affected versions from maple up to just before ulmo, an unauthenticated attacker could bypass email verification by chaining two issues: the OAuth2 password grant issuing tokens to inactive users, and the...

CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.11 Images Update

New images are available for Red Hat build of Keycloak 26.4.11 and Red Hat build of Keycloak 26.4.11 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

PT-2026-29871

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

CVE-2026-20155 Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to improper authorization...

UBUNTU-CVE-2026-24096

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

Nautobot: Management of users via REST API does not apply configured password validators

Impact In Nautobot versions prior to 2.4.30 or prior to 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's...

CVE-2026-34203

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...

CVE-2026-34203 Nautobot: Management of users via REST API does not apply configured password validators

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...

CVE-2026-34203 Nautobot: Management of users via REST API does not apply configured password validators

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...

CVE-2026-34203

Nautobot REST API user creation/editing before versions 2.4.30 and 3.0.10 does not enforce Django AUTH_PASSWORD_VALIDATORS, potentially allowing weak passwords. Affected: Nautobot prior to these patch versions; remediation: upgrade to 2.4.30 or 3.0.10 where password validation is applied."

CVE-2026-34373

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...

CVE-2026-34373 Parse Server: GraphQL API endpoint ignores CORS origin restriction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...

CVE-2026-4020

The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...

CVE-2026-4020 Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API

The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...

CVE-2026-4020 Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API

The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...

PT-2026-29333

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.30 Nautobot versions prior to 3.0.10 Description The application fails to enforce password validation rules defined by Django's AUTH PASSWORD VALIDATORS setting when creating or editing users via the REST API. Th...

Nautobot 安全漏洞

Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.30 and 3.0.10 contained security vulnerabilities. These vulnerabilities stemmed from the failure to apply the password validation rules defined by Django’s AUTHPASSWORDVALIDATORS when creating and...

0lever-utils (>=0.0.2 <=0.0.7), 0x-web3 (=5.0.0a5) +6240 more potentially affected by CVE-2026-34073 via cryptography (>=0.6.1 <=46.0.5)

cryptography PYPI version =0.6.1, =0.0.2, =2.3.84, =0.1.0, =2.3.0, =0.1.0, =0.5.0rc5, =0.9.2, =0.4.24, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.1.9 and more Source cves: CVE-2026-34073 Source advisory: OSV:GHSA-M959-CC7F-WV43...