161473 matches found
CVE-2026-11535
CVE-2026-11535 affects the PcSuite APP. The connected documents describe an authentication mechanism defect in PcSuite that can allow information leakage within Bluetooth range, leading to unauthorized access to victim devices. The NVD and CVE listings repeat the same description of unauthorized ...
CVE-2026-11535
An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device...
EUVD-2026-36391
An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device...
CVE-2026-48611
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper authentication checks in the OAuth implementation. An attacker can gain unauthorized access by exploiting the lack of proper validation, even when OAuth is not configured or...
SUSE CVE-2026-10143
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...
SUSE CVE-2026-11789
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...
CVE-2026-48611
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...
EUVD-2026-36380
Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover...
CVE-2026-48611
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations...
CVE-2026-48611
CVE-2026-48611 describes improper authentication checks in an OAuth implementation that can allow account hijacking even when OAuth is not configured or enabled, leading to unauthorized access in default installations. The public records do not specify targeted products, versions, vendor names, o...
CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
CVE-2026-11933
Technical details (affected products, versions, root cause, and remediation) are not publicly available in the provided documents. Please monitor for updates.
Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
PT-2026-48947
Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.15 and earlier SimpleHelp 6.0 pre-release versions Description An authentication bypass exists in the OIDC OpenID Connect authentication flow. When OIDC is configured, the system accepts identity tokens during login...
PT-2026-49057
Name of the Vulnerable Software and Affected Versions Fleet affected versions not specified Description An issue in the Apple MDM commands listing endpoint allows authenticated users with the Observer role to extract sensitive data from joined database tables, such as host enrollment secrets and...
PT-2026-48987
Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 through 2026.3.0 Discourse versions 2026.4.0 through 2026.4.0 Description An issue exists in the Jobs::RedeliverWebHookEvents function where the MessageBus.publish call f...
PT-2026-48835
The authentication mechanism of a certain function in the PcSuite has a defect, which may result in information leakage within the range of a Bluetooth connection...
PT-2026-48931
Name of the Vulnerable Software and Affected Versions chisel affected versions not specified Description Authenticated clients can bypass Access Control List ACL restrictions defined via the --authfile parameter to tunnel traffic to arbitrary destinations reachable from the server. While the serv...
PT-2026-48961
Name of the Vulnerable Software and Affected Versions Parse Server versions 9.8.0 through 9.9.1-alpha.4 Description Applications that enable Multi-Factor Authentication MFA and restrict the get permission on the User class via Class-Level Permissions CLP may expose sensitive user data. The issue...