CVE-2026-45389
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...
PT-2026-49202
Name of the Vulnerable Software and Affected Versions: ash authentication versions 0.1.0 through 4.13.x; ash authentication versions 5.0.0-rc.0 through 5.0.0-rc.9. Description: An authentication bypass by spoofing allows account takeover of local users during OAuth2 or OIDC sign-in. The issue occurs...
PT-2026-49512
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
PT-2026-49463
Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...
PT-2026-49459
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend = 1.18.0 versions...
PT-2026-49496
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
PT-2026-49435
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile = 1.38.0 versions...
PT-2026-49510
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...
PT-2026-49529
Name of the Vulnerable Software and Affected Versions: i18next-http-middleware versions prior to 3.9.7; i18next-fs-backend versions 2.6.5 and earlier. Description: The missingKeyHandler in i18next-http-middleware fails to reject dotted variants of restricted keys, such as __proto__.polluted, while only...
CVE-2026-38329
Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
RHEL 10 : fence-agents (RHSA-2026:25902)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25902 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachabl...
Debian dla-4556 : dovecot-auth-lua - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4556 advisory. Debian LTS Advisory DLA-4556-1...
PT-2026-49437
Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...
PT-2026-49307
Name of the Vulnerable Software and Affected Versions: Discuz! X5.0 versions 20260320 through 20260501. Description: An authentication bypass allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality. This is possible due to a shared cryptograph...
PT-2026-49228
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...
PT-2026-49590
Summary: DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. Impact: If the client follows a redirect (the default option) to an attacker-controlled domain, the attacker may be able to extract the auth digest. This likely requires an open redirect...
PT-2026-49470
MultiJuicer is used to run separate Juice Shop instances on a central Kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint POST /multi-juicer/api/teams/team/join accepted requests with any Content-Type, including text/plain. Because tha...
PT-2026-49440
Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...
PT-2026-49595
Name of the Vulnerable Software and Affected Versions: @nestjs/platform-fastify versions prior to 11.1.24. Description: An authentication bypass exists in the Fastify adapter when middleware is registered through the MiddlewareConsumer.forRoutes API. An unauthenticated client can bypass registered...
PT-2026-49373
Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...