CVE-2026-22077

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...

OPPO Wallet 访问控制错误漏洞

OPPO Wallet is a mobile wallet application developed by OPPO Corporation in China. It integrates payment, card and coupon management, as well as digital lifestyle services. OPPO Wallet has a access control vulnerability, which stems from a trust domain verification flaw. This vulnerability could...

CVE-2026-28275

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API...

CVE-2025-31962

CVE-2025-31962 affects HCL BigFix IVR 4.2 Web UI authentication component. The root cause is insufficient session expiration, enabling an authenticated attacker to maintain prolonged access to protected API endpoints due to overly long session lifetimes. Documented impact is unauthorized access t...