| CVE-2026-50194 |
2026-06-17 |
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 a… |
| CVE-2026-12225 |
2026-06-16 |
syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass th… |
| CVE-2026-49764 |
2026-06-15 |
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. |
| CVE-2026-48970 |
2026-06-15 |
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. |
| CVE-2026-42668 |
2026-06-15 |
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions. |
| CVE-2026-42411 |
2026-06-15 |
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions. |
| CVE-2026-42378 |
2026-06-15 |
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions. |
| CVE-2026-40799 |
2026-06-15 |
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions. |
| CVE-2026-40790 |
2026-06-15 |
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions. |
| CVE-2026-40785 |
2026-06-15 |
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions. |
| CVE-2026-40781 |
2026-06-15 |
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. |
| CVE-2026-39450 |
2026-06-15 |
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions. |
| CVE-2026-49062 |
2026-06-15 |
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation.
This issue affects Faust.Js: from n/a through 1.8.7. |
| CVE-2026-47200 |
2026-06-12 |
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.… |
| CVE-2026-10523 |
2026-06-09 |
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts … |
| CVE-2026-5415 |
2026-06-05 |
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and includi… |
| CVE-2026-36175 |
2026-06-04 |
An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted stri… |
| CVE-2026-42654 |
2026-06-02 |
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation.
This issue affects Wallet System for WooCommer… |
| CVE-2026-40780 |
2026-06-02 |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation.
This issue affects BookIt: from n/a before 2.5.4.1. |
| CVE-2026-45577 |
2026-05-29 |
Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback so… |