CVE-2026-42602

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

CVE-2026-42602

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

OpenBao suffers from an unspecified vulnerability (CNVD-2025-18607)

OpenBao is OpenBao open source a sensitive data management software . A security vulnerability exists in OpenBao versions 0.1.0 through 2.3.1, which stems from the TOTP key engine being able to accept valid code multiple times, and no details of the vulnerability are provided at this time...

Malwarebytes: Replayable Password Change Request Across Sessions.

Vulnerability description not provided...

PT-2025-37964

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential inconsistent update of the reference count was identified in the smb2 compound op function. This inconsistency could lead to resource leaks. The issue arises because the...

Replayable signature in the mintReceipt function

Lines of code Vulnerability details Description In the mintReceipt function there is a check of the claimSignerAddress signature: if keccak256abi.encodePackedmsg.sender, questId != hash revert InvalidHash; if recoverSignerhash, signature != claimSignerAddress revert AddressNotSigned; The signatur...