CVE-2026-9189 Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification)

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

EUVD-2026-33002

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

CVE-2026-9037

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

CVE-2026-9089

The CVE-2026-9089 issue affects the ConnectWise Automate Agent. According to connected sources, the agent does not fully verify the authenticity of components during plugin loading and self-update operations. The underlying impact is risk of tampered or unverified components being loaded during e...

CVE-2026-9089

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...

ConnectWise Automate Agent 安全漏洞

ConnectWise Automate Agent is a remote monitoring and management software developed by the American company ConnectWise. There is a security vulnerability in ConnectWise Automate Agent, which stems from an incomplete verification of component authenticity. This vulnerability may affect plugin...

PT-2026-42478

Name of the Vulnerable Software and Affected Versions ConnectWise Automate versions prior to 2026.5 Description The ConnectWise Automate Agent fails to fully verify the authenticity of components obtained during plugin loading and self-update operations. This lack of integrity checks during the...

CVE-2026-25602

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

CVE-2026-25602

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

CVE-2026-25602

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

CVE-2026-25602

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

EUVD-2026-31094

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

CVE-2026-25602

Summary: CVE-2026-25602 affects Mesalvo Meona’s Client Launcher and Server components with an insufficient verification of data authenticity. This could enable sending messages to arbitrary email addresses. Affected components and scope: Meona Client Launcher Component (affected up to 19.06.2020 ...

PT-2026-42143

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

APSB26-53 : Security update available for Content Credentials SDK

Adobe has released security updates for Content Credentials SDK. This update addresses critical and important vulnerability that could result in application denial-of-service...

CVE-2026-8142 CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...

Insufficient Verification of Data Authenticity

Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the dolverifyHash function of the Online Signature Module. An attacker can bypass signature verificati...

CVE-2026-7611 TRENDnet TEW-821DAP Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev data authenticity

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platformdoupgradecameodev of the file cameodev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...