5 matches found
CVE-2026-33843
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network...
SQL Injection
Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to SQL Injection in the setTokenData function when OAuth token fields are interpolated into a SQL statement without proper escaping. An attacker can execut...
CVE-2026-26148
The CVE-2026-26148 issue affects the Microsoft Azure AD SSH Login extension for Linux, causing elevation of privilege. According to the provided metrics, the vulnerability is a LOCAL, high-severity flaw (CVSS 3.1: 8.1) with no required user interaction and no privileges required. The attack compl...
WordPress All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin <= 2.2.5 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login versions <= 2.2.5...
CVE-2026-23518 Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...