CVE-2026-11596

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...

CVE-2026-11596

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...

EUVD-2026-36079

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...

PT-2026-48490

Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 26.2 Description Insufficient input validation within the Host Pass creation functionality allows an authenticated user with Host Pass creation privileges to specify a token expiration duration that exceeds the...

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 Multiple Vulnerabilities (ESA-2026-30 / ESA-2026-33 / ESA-2026-34 / ESA-2026-36)

The version of Kibana installed on the remote host is prior to 8.19.16 or 9.3.5. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-30, ESA-2026-33, ESA-2026-34, and ESA-2026-36 advisories. - A path traversal vulnerability was identified in Kibana's dashboard...

PT-2026-46229

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

Failed to install Veeam Analytics Service. Failed to establish connection between the Veeam ONE server and Veeam Analytics service. Operation timed out: 10

Challenge After upgrading Veeam ONE to version 13.0.x, the Veeam Analytics Service installation fails with the following error: Failed to install Veeam Analytics Service. Failed to establish connection between the Veeam ONE server and Veeam Analytics service. Operation timed out: 10. The failure...

CVE-2026-33463

Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...

PT-2026-47588

Impact A mismatch in federation peer-token timestamp handling could cause valid peer tokens to be treated as expired. Impacted deployments are Stigmem nodes using federation peer authentication paths from affected versions. The primary impact is availability and reliability of authenticated...

UBUNTU-CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

CVE-2026-44394

CVE-2026-44394 affects OpenStack Keystone before 29.0.2. The federated token rescoping mechanism does not propagate the original token expiry to the newly issued token; repeated rescopes can allow indefinite access by issuing tokens with a fresh TTL, bypassing token lifetime policies. Affected de...

Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification

Summary A Mass Assignment vulnerability in the PUT /api/v1/user endpoint allows authenticated users to directly modify restricted user fields, including the credential password hash, bypassing the intended password change workflow. Because the endpoint forwards the entire request body to the...

RHCOS 4 : OpenShift Container Platform 4.1 jenkins (RHSA-2019:2548)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2548 advisory. - jenkins: Arbitrary file write vulnerability using file parameter definitions SECURITY-1424 CVE-2019-10352 - jenkins: CSRF protecti...

RHCOS 3 : OpenShift Container Platform 3.11 jenkins (RHSA-2019:3144)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3144 advisory. - jenkins: stored cross-site scripting in update center web pages SECURITY-1453 CVE-2019-10383 - jenkins: CSRF protection tokens for...

WordPress plugin MoreConvert Pro 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-40939

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...

CVE-2026-40939

The CVE concerns the Data Sharing Framework (DSF). Before version 2.1.0, OIDC-authenticated sessions had no maximum inactivity timeout, allowing sessions to persist indefinitely after login and token expiry. The issue is fixed in v2.1.0. Affected components are DSF FHIR and BPE servers with OIDC ...

CVE-2026-40939

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...

CVE-2026-40939 DSF: Missing Session Timeout for OIDC Sessions

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...