Logo
Retour à la veille

CVE-2026-48611

Publié : 12 juin 2026
Modifié : 12 juin 2026
Lien officiel NVD
Score CVSS
9.8
CRITICAL

Description détaillée

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Références et Patchs

https://www.phpbb.com/community/viewtopic.php?t=2672170

Dernières Vulnérabilités

CVE-2026-9271

Vulnerability Title

VOIR DÉTAILS

CVE-2026-9269

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

VOIR DÉTAILS

CVE-2026-12060

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining unauthorized access to camera and microphone permissions.

VOIR DÉTAILS