Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

CVE-2026-9222

The CVE-2026-9222 entry concerns the Setracker2 Android Companion App (package com.tgelec.setracker) version 3.1.5 and earlier. The underlying issue is authentication that accepts a password hash in lieu of a password when contacting backend services, enabling an attacker who knows the hash to au...

CVE-2026-56237

CVE-2026-56237 — Capgo : Capgo prior to 12.128.2 has a broken authentication vulnerability in its API key generation. API keys are exposed in frontend requests, and the backend does not validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the ...

CVE-2026-41047

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

EUVD-2026-38098

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's...

CVE-2026-56081

Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-factor authentication on the pre-registered account, the attacker gains control over the account...

Astra Linux – Vulnerability in etcd

An authentication vulnerability has been discovered in Etcd-io v.3.4.10. This vulnerability allows remote attackers to escalate privileges through the debug function...

PT-2026-51039

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication logic flaw allows an attacker to register and control an account linked to a victim's email address before the email is verified. By enabling two-factor authentication on this...

EUVD-2026-37623

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

CVE-2026-54804

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

CVE-2026-49071 WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

Vulnerabilities found in Check Point Remote and Mobile Access VPN-products

Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...

CVE-2026-40785

CVE-2026-40785 concerns WordPress AutomatorWP plugin

EUVD-2026-36472

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

PT-2026-49007

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authorization flaw exists in the object add/edit handling. An authenticated user with object editing permissions can assign a MISP object, or attributes within an object, to a sharing group...

PT-2026-48866

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

CVE-2026-47238 ClipBucket: IDOR in videos subtitle editor

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched in version 5.5.3 - 1...

EUVD-2026-36130

Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input...

CVE-2026-6552

GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab account due to improper...