CVE-2026-27128

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use TOCTOU race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s...

PeopleSoft (Oracle) PSCipher Encryption Weakness

Vendor: PeopleSoft Product: People Tools Version: 8.4x Platform: Multi-platform Title: Weak Encryption Description: PeopleSoft uses PSCipher for encryption/hashing purposes. Based on observations from the output of PSCipher and on our familiarity with the cryptographic library objects and methods...