CVE-2026-49192

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

EUVD-2026-33265

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

CVE-2026-9189

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

CVE-2026-2128

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the jwt.decode or jwt.decodecomplete functions when used with a PyJWK key. An attacker can bypass algorithm restrictions and gain unauthorized access to protected resources by signing...

CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

CVE-2026-45575 epa4all-client: Improper Verification of Cryptographic Signature

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

epa4all-client 信任管理问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to 1.2.1 contained a trust management vulnerability. This vulnerability stemmed from the ECDSA signature verification in SignedPublicKeysTrustValidatorImpl.isTrusted, where the...

Krajowa Izba Rozliczeniowa Szafir SDK 安全漏洞

Krajowa Izba Rozliczeniowa Szafir SDK is an electronic signature development kit from Krajowa Izba Rozliczeniowa, Poland. A security vulnerability exists in the Krajowa Izba Rozliczeniowa Szafir SDK that stems from the cryptographic digital signature verification process returning a success statu...

PT-2026-42857

Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

CVE-2024-36334

Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution...

CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the collectionaccess verification function not checking the knowledge base collection. As ...

WordPress plugin Smart Appointment & Booking 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle.

Summary IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostnam...

Ubuntu 24.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8258-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8258-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

apko 数据伪造问题漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had a data manipulation vulnerability. This vulnerability stemmed from verifying the APKINDEX.tar.gz signature but failing to compare the downloaded.apk package with the checksum in the signature index. This...

CVE-2026-40243

CVE-2026-40243 describes a TLS verification flaw in Incus (OVN integration) where the OVN database client disables standard TLS verification and uses a custom VerifyPeerCertificate callback that builds trust roots from peer-supplied certificates, ignoring the configured CA pool. This allows an at...

Linux Distros Unpatched Vulnerability : CVE-2026-7689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library...