
9 matches found

Cvelist
added 2026/01/07 6:48 a.m. · 20 views

CVE-2025-31962 HCL BigFix IVR is impacted by an insufficient session expiration vulnerability

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods...

2 CVSS · 0.0005 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/01/07 4:29 a.m. · 2 views

CVE-2026-0650 OpenFlagr <= 1.1.18 Authentication Bypass via Prefix Whitelist Path Normalization

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

9.3 CVSS · 6.6 AI score · 0.00163 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/11/08 10:57 p.m. · 2 views

CVE-2025-37736

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

8.8 CVSS · 6.8 AI score · 0.00066 EPSS
Exploits 0 · References 1
Veracode
added 2025/03/07 5:46 a.m. · 8 views

Incorrect Authorization

WSO2 is vulnerable to Incorrect Authorization. The vulnerability is due to improper authorization checks due to the ability to access protected APIs using a refresh token instead of an access token, potentially allowing prolonged unauthorized access to API resources...

5.6 CVSS · 7 AI score · 0.0023 EPSS
Exploits 0 · References 3 · Affected Software 2
OSV
added 2025/02/27 5:15 a.m. · 1 views

CVE-2024-2321

An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potential...

5.6 CVSS · 6.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/02/27 12:0 a.m. · 1 views

PT-2025-8912 · Wso2 · Wso2

Name of the Vulnerable Software and Affected Versions: WSO2 products, affected versions not specified. Description: An issue exists where protected APIs can be accessed directly using a refresh token instead of the expected access token, due to improper authorization checks and token mapping. This...

5.6 CVSS · 6.8 AI score · 0.0023 EPSS
Exploits 0 · References 8
NVD
added 2024/04/16 10:15 p.m. · 13 views

CVE-2024-27086

The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...

3.9 CVSS · 4.3 AI score · 0.00053 EPSS
Exploits 0 · References 2
CVE
added 2024/04/16 9:34 p.m. · 80 views

CVE-2024-27086

MSAL.NET for Xamarin Android and .NET Android (MAUI) is affected when using versions 4.48.0–4.60.0, due to an incorrect activity export configuration that can allow a local attacker on the device to cause a denial of service and block user login to affected apps. The vulnerability is classed as L...

3.9 CVSS · 4.3 AI score · 0.00053 EPSS
Exploits 0 · References 2
Veeam
added 2023/01/30 12:0 a.m. · 17 views

Invalid backup configuration: Team chats backup using protected APIs must the enabled to protect Team chats.

Challenge: After upgrading Veeam Backup for Microsoft 365 from v5 to v6a, during the next backup run, or when editing the job or organization, the following error occurs: Invalid backup configuration: Team chats backup using protected APIs must the enabled to protect Team chats. Issue Prevention...

6.8 AI score
Exploits 0