CVE-2026-7689

Dolibarr ERP/CRM (up to 23.0.2) is affected by a vulnerability in the Online Signature Module versioning, where dol_verifyHash in htdocs/core/lib/security.lib.php mishandles cryptographic signature verification. This allows a remote attacker to potentially leverage a flawed signature check; explo...

Not Failing Securely ('Failing Open')

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the verifyhash function in authlib/oidc/core/claims.py. An attacker can substitute an access token or authorization code undetect...