MantisBT versions prior to 2.28.1 contain an authentication bypass vulnerability in the SOAP API caused by improper type checking on the password parameter when running on MySQL family databases. An attacker who knows a victim's username can log in to the SOAP API without knowing the correct password and execute any API function available to that account. While a CVSS score is not yet assigned, the vulnerability is patched in version 2.28.1, and disabling the SOAP API reduces but does not eliminate the risk.
Ory Oathkeeper contains a cache key confusion vulnerability in its oauth2_introspection authenticator that allows attackers to bypass authentication by reusing tokens across different introspection servers. Attackers with a valid token for one configured introspection server can exploit the cache mechanism to gain unauthorized access to resources protected by different introspection servers. This vulnerability requires the specific precondition of multiple oauth2_introspection authenticators with caching enabled, and a patch is available from the vendor.
This vulnerability in Dahua NVR/XVR devices allows unauthenticated privilege escalation through the serial port console by bypassing shell authentication mechanisms. Affected devices include Dahua NVR2-4KS3, XVR4232AN-I/T, and XVR1B16H-I/T models with build dates prior to March 3, 2026. An attacker with physical access to the device can gain a restricted shell and escalate privileges to access sensitive system functions, though the CVSS 2.4 score reflects the requirement for physical proximity and lack of data availability impact.
curl's HTTP proxy connection reuse mechanism fails to validate credential changes, allowing an attacker to intercept or manipulate traffic by leveraging an existing proxy connection established with different authentication. This affects users whose applications reuse proxy connections across requests with varying credentials, enabling credential confusion attacks. Public exploit code exists for this vulnerability, though a patch is available.
libcurl incorrectly reuses authenticated connections when processing Negotiate authentication requests, allowing an attacker with valid credentials to access resources authenticated under different user accounts. An authenticated attacker can exploit this connection pooling logic error to bypass authentication checks by reusing an existing connection that was authenticated with different credentials. This affects libcurl implementations using Negotiate authentication where multiple users access the same server.
Keycloak's SAML identity provider broker fails to enforce client disabled status during IdP-initiated SSO flows, allowing attackers with valid credentials to establish authenticated sessions and access other enabled clients without re-authentication. An authenticated remote attacker can exploit this authentication bypass to gain unauthorized access to protected resources across the Keycloak ecosystem. No patch is currently available.
Auth bypass in device authentication module.
Improper use of cryptographic functions in IBM MQ versions 9.1 through 9.4 allows local attackers with user privileges to compromise message integrity, given user interaction. The vulnerability affects multiple LTS and CD releases across the supported product line, with no patch currently available. An attacker could manipulate messages in transit to alter their content without detection.
Brocade Active Support Connectivity Gateway versions up to 3.4.0 contain a vulnerability that allows an unauthorized user to perform ASCG operations related to Brocade Support Link (CVSS 8.8).
FortiOS versions up to 7.6.4 contain a vulnerability that allows an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1).