Flowise - NVIDIA NIM Endpoints Missing Authentication

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generati...

CVE-2026-53862

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits...

CyberArk Idira Secrets Manager SaaS Edge 访问控制错误漏洞

CyberArk Idira Secrets Manager SaaS Edge is a distributed confidential access node component offered by the American company CyberArk. Versions of CyberArk Idira Secrets Manager SaaS Edge prior to version 1.8 contained an access control vulnerability. This vulnerability stemmed from improper acce...

PT-2026-48153

The RemoteControl API methods invite participants and remind participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

CVE-2026-7765 User Messages widget leaked issuer messages on shared dashboards

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

CVE-2026-46401 HAX CMS PHP has Insufficient Session Expiration

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

NocoDB: Missing Ownership Check in MCP Attachment Read

Summary A low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not verify the file's ownership. Details The MCP readAttachment tool accepts...

PT-2026-47027

Name of the Vulnerable Software and Affected Versions UDS Identity Config versions 0.11.0 through 0.26.0 Description A logic error exists in the client-kubernetes-secret Keycloak client authenticator. This error causes the submitted client secret to be overwritten with the mounted Kubernetes secr...

CVE-2026-50214 Shared Secret Quota Inflation

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...

GHSA-2H32-95RG-CPPP Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Summary Vitest browser mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vitest...

BIT-ELK-2026-33463 Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access

Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...

CVE-2026-40166

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the clientsecret of confidential OAuth2 providers they have previously authenticated against, exposing...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016635)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016635 advisory. Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending ...

PT-2026-42675

Summary The OAuth token strategy attached oauth scope and oauth granted resources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited the full permissions of the underlying user across all routes; the...

PT-2026-42634

Summary The OAuth token strategy attached oauth scope and oauth granted resources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited the full permissions of the underlying user across all routes; the...

EUVD-2026-30487

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / file internal/api/handlers/v0/uiindex.html is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published...

WordPress plugin MonsterInsights – Google Analytics Dashboard for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-42339

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...

PT-2026-39260

Name of the Vulnerable Software and Affected Versions free5GC version 4.2.1 Description The Network Exposure Function NEF mounts the nnef-pfdmanagement route group without inbound OAuth2 or bearer-token authorization. This allows a network attacker with access to the Service-Based Interface SBI t...

GHSA-GJ2P-P9M4-C8GW Craft CMS's Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure

Summary The GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read every address in the system, including addresses belonging to users in groups the...