CVE-2026-44695 Outline: Slack OAuth state can link a victim Outline account to an attacker Slack identity
Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...
CVE-2024-8691
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from...
PT-2024-39178 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS software (affected versions not specified)
Description: A vulnerability in the GlobalProtect portal enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect...
Siemens Mendix SAML Module Authentication Bypass Vulnerability
Siemens Mendix SAML Module is an application module from Siemens, Germany. It is used to grant access to Mendix applications based on the end-user's identity in your identity provider. An authentication bypass vulnerability exists in Siemens Mendix SAML Module, which could be exploited by an...
PT-2022-24052 · Ftcms · Ftcms
Name of the Vulnerable Software and Affected Versions: ftcms version 2.1
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the PHP page. This vulnerability allows an attacker to forge a link, tricking the victim into clicking on a malicious link or visiting a...