1093 matches found
CVE-2026-11990
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
EUVD-2026-42864
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
CVE-2026-57172
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...
CVE-2026-50721
CVE-2026-50721 concerns Libreswan where the function RSA_authenticate_hash_signature_raw_rsa() does not properly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS#1 RSA Encryption per RFC 2313. This enables a remote attacker to leverage a Bleichen...
EUVD-2026-36322
OpenClaw: Paired nodes could forge exec lifecycle events without system.run provenance...
ROOT-APP-NPM-CVE-2020-7720 CVE-2020-7720 in @rootio/node-forge - Patched by Root
Root has patched CVE-2020-7720 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-0122 CVE-2022-0122 in @rootio/node-forge - Patched by Root
Root has patched CVE-2022-0122 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-66031 CVE-2025-66031 in @rootio/node-forge - Patched by Root
Root has patched CVE-2025-66031 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33891 CVE-2026-33891 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33891 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-24773 CVE-2022-24773 in @rootio/node-forge - Patched by Root
Root has patched CVE-2022-24773 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-12816 CVE-2025-12816 in @rootio/node-forge - Patched by Root
Root has patched CVE-2025-12816 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-24772 CVE-2022-24772 in @rootio/node-forge - Patched by Root
Root has patched CVE-2022-24772 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33894 CVE-2026-33894 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33894 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-66030 CVE-2025-66030 in @rootio/node-forge - Patched by Root
Root has patched CVE-2025-66030 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-24771 CVE-2022-24771 in @rootio/node-forge - Patched by Root
Root has patched CVE-2022-24771 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33895 CVE-2026-33895 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33895 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33896 CVE-2026-33896 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33896 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
CVE-2026-56223
Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...
CVE-2026-56223
Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...
CVE-2026-11807
A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...