Ocean Extra <= 2.4.6 - Unauthenticated Shortcode Execution

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to supply arbitrary shortcodes in the contentrechdata parameter that is then executed. This makes it possible for...

WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

CVE-2026-56311 Capgo - Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.getcurrentplanmaxorg RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase...

CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

CVE-2026-12249

Canonical ADSys upstream versions up to v0.16.2 expose a flaw in AD CS auto-enrollment where the vendored Samba client uses plaintext HTTP (GETCACert) to fetch the CA certificate, enabling a network attacker in a MITM position to supply an attacker-controlled Root CA. This leads to automatic enro...

EUVD-2026-38297

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

CVE-2026-12249 Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

CVE-2026-8074

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...

EUVD-2026-38248

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...

CVE-2026-8074

Mattermost CVE-2026-8074 affects Mattermost versions 11.7.x (&lt;=11.7.0) and 10.11.x (

CVE-2026-56425

CVE-2026-56425 affects the AAD authentication plugin for MISP (OAuth 2.0). The vulnerability stems from using session_id() as the OAuth state parameter, lack of session rotation after login, no dedicated nonce for the state, and not enforcing HTTPS for the redirect URI. Additional issue: OAuth er...

CVE-2026-56425 MISP AAD authentication plugin - Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

CVE-2026-45480

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

EUVD-2026-38086

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-45480

CVE-2026-45480 affects Azure Active Directory; improper authentication enables elevation of privileges over a network. The CVSS 3.1 score is 10.0 (CRITICAL) with network attack vector, no user interaction, and HIGH impact on confidentiality, integrity, and availability. No specific patch version ...

CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability

...

PT-2026-51031

Name of the Vulnerable Software and Affected Versions Azure Active Directory affected versions not specified Description Improper authentication allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...