PT-2026-49043
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description An issue exists in the retry endpoint checks where hostname validation allows matching hostname prefixes instead of requiring exact hostnames. This allows attackers to craft a hostname prefix tha...
PT-2026-48910
Name of the Vulnerable Software and Affected Versions Aqara IAM/SSO gateway affected versions not specified Description The IAM/SSO gateway at 'gw-builder.aqara.com' exposes an unauthenticated AES oracle, allowing bidirectional AES round-trips against the platform's signing key. This occurs due t...
PT-2026-48958
Name of the Vulnerable Software and Affected Versions Naxclow affected versions not specified Description The platform API that returns device relay registration details fails to verify if the requester is the legitimate device or owner, exposing a persistent credential. An actor capable of...
PT-2026-48963
Name of the Vulnerable Software and Affected Versions Actual Budget sync-server versions prior to 26.5.0 Description The POST /openid/config endpoint exposes the complete OpenID Connect configuration, which includes the OAuth2 client secret. This information is accessible to any user who possesse...
PT-2026-48845
Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.2 Apache CXF versions prior to 4.1.7 Description An authentication bypass exists in the OAuth2 TokenIntrospectionService. A missing 'throw' keyword in the security context check allows unauthenticated network...
PT-2026-48899
Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...
PT-2026-48855
The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information...
PT-2026-48866
A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...
PT-2026-49007
Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authorization flaw exists in the object add/edit handling. An authenticated user with object editing permissions can assign a MISP object, or attributes within an object, to a sharing group...
PT-2026-48885
Name of the Vulnerable Software and Affected Versions Pause+ Mobile App versions 1.0.6 through 1.4.x Description Improper restriction of excessive authentication attempts allows for authentication bypass. Recommendations Update to version 1.5...
PT-2026-48826
Name of the Vulnerable Software and Affected Versions phpBB versions prior to 3.3.16 Description Improper authentication checks in the OAuth implementation allow remote unauthenticated account hijacking. This issue can lead to unauthorized access in default installations, even in cases where OAut...
PT-2026-48918
Name of the Vulnerable Software and Affected Versions Related Marketing Cloud RMC versions prior to 12052026 Description An authentication bypass by spoofing issue in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud RMC allows for brute force attacks. Recommendations...
Palo Alto GlobalProtect Authentication Bypass
This Metasploit module exploits an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components. The vulnerability stems from CWE-565: Reliance on Cookies without Validation and Integrity Checking. An unauthenticated remote attacker can forge...
FortiSandbox 4.4.7 Authentication Bypass / Command Injection
This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by leveraging two disclosed vulnerabilities: an authentication bypass and a command injection flaw. The module supports multiple collection modes, including...
PT-2026-48940
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the manage secure connections permission to obtain remote cluster authentication tokens via a PATCH request to the...
Linux Distros Unpatched Vulnerability : CVE-2026-48859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing...
Ivanti Sentry < R10.5.2 / R10.6.2 / R10.7.1 Multiple Vulnerabilities
The version of Ivanti Sentry formerly MobileIron Sentry running on the remote host is prior to R10.5.2, R10.6.2, or R10.7.1. It is, therefore, affected by multiple vulnerabilities : - An OS command injection vulnerability allows a remote, unauthenticated attacker to achieve root-level remote code...
Linux Distros Unpatched Vulnerability : CVE-2026-40997
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clien...
Linux Distros Unpatched Vulnerability : CVE-2026-9742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When OIDC authentication is enabled in configuration, clients may set specific values in the mechanism parameter of the authenticate command that lead to server...
MongoDB 8.3.x < 8.3.3 Information Disclosure
The version of MongoDB installed on the remote host is 8.3.x prior to 8.3.3. It is, therefore, affected by an information disclosure vulnerability: - MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metri...