CVE-2026-40995 X.509 authentication bypasses Spring Security account checks

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks disabled, locked, expired, or credentials-expired accounts. Affected versions: Spring Web...

EUVD-2026-36205

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks disabled, locked, expired, or credentials-expired accounts. Affected versions: Spring Web...

CVE-2026-40995

CVE-2026-40995 affects Spring Web Services versions 3.1.0–3.1.8, 4.0.0–4.0.18, 4.1.0–4.1.3, and 5.0.0–5.0.1. The issue arises in the X509AuthenticationProvider, which could issue a fully authenticated X509AuthenticationToken when a presented certificate maps to a UserDetails, without applying Spr...

CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

CVE-2026-53675

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary userid because the getitemspermissionscheck meth...

CVE-2026-41706

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

Exploit for CVE-2026-28699

CVE-2026-28699 — Gitea OAuth2 Scope Bypass via HTTP Basic Auth...

Exploit for Improper Authentication in Pocketbase

CVE-2026-44166 — PocketBase OAuth2 Account Pre-Hijacking Self...

PT-2026-48696

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

389 Directory Server 输入验证错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a vulnerability related to input validation. This vulnerability stems from an integer overflow in the SASL I/O layer. In the function...

ABB Freelance 安全漏洞

ABB Freelance is a distributed control system developed by the Swiss company ABB. There is a security vulnerability in ABB Freelance, which stems from an authentication bypass exploit. The following versions are affected: Version 2013, Version 2013 SP1, Version 2016, Version 2016 SP1, Version 201...

PT-2026-48807

Summary Arc registers Go's net/http/pprof handlers at /debug/pprof/ via app.Usepprof.New in internal/api/server.go, and /debug/pprof is added to PublicPrefixes in cmd/arc/main.go. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any...

PT-2026-48635

Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024...

VMware Spring Web Services 授权问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. Versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services contain authorization vulnerabilities. These vulnerabilities stem from the...

Chatwoot Scanner

This is a security assessment tool designed to evaluate authentication status, response behavior, and possible exposure indicators in Chatwoot conversation filtering functionality...

IBM Langflow 安全漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.9.1 of IBM Langflow contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow...

PT-2026-48684

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.48 Traefik versions prior to 3.6.19 Traefik versions prior to 3.7.3 Description An unauthenticated attacker can bypass route-level authentication and authorization in Traefik when PathPrefix-based public routes a...

CyberArk Idira Endpoint Privilege Manager 信任管理问题漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained vulnerabilities related to trust management. These vulnerabilities stemmed from...

PT-2026-48620

Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...

ClipBucket V5 SQL注入漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 132 – contained an SQL injection vulnerability. This vulnerability stemmed from the number parameter in the POST /actions/subtitleedit.php reques...