❌

Reading view

[NotCVE-2026-0001] Cloudflare Universal SSL CAA augmentation weakens RFC 8657 account binding β€” CVE-2026-14440 assigned 163 days after public no-CVE disclosure

Posted by NotCVE Advisories on Jul 15

----------------------------------------------------------------------------
NotCVE Disclosure Update β€” NotCVE-2026-0001 / CVE-2026-14440
----------------------------------------------------------------------------

[-] Summary:

On 2026-01-19 the issue described below was published as NotCVE-2026-0001
after no CVE identifier was assigned for it. On 2026-07-01 β€” 163 days
later β€” Cloudflare assigned CVE-2026-14440 to the same issue, now...
  •  

Subject: Advisory Submission: EZ Game Booster - Cleartext Storage of Sensitive Credentials (CWE-312)

Posted by AliReza on Jul 15

# Exploit Title: EZ Game Booster v1.0.0 - Cleartext Credentials in user.config
# Date: 2026-07-16
# Exploit Author: Alireza Chegini
# Vendor Homepage: https://ezsystemrepairs.com
# Software Link: https://ezsystemrepairs.com (Free version available)
# Version: 1.0.0 (v2.0 exists but not tested - paid license required)
# Tested on: Windows 10 / Windows 11
# CVE: Pending
============================================================

1. Description...
  •  

CVE-2026-56877 - Skillable SCORM userId authorisation bypass

Posted by Greg via Fulldisclosure on Jul 15

Skillable's SCORM lab launch endpoint validates a launch token but
enforces per-user allocation limits using a browser-supplied userId
that is not bound to the validated token. An authenticated learner
can modify this identifier to bypass configured limits, launch
concurrent lab instances, and consume another learner's allocation.
Skillable states that no fix is planned for the legacy SCORM launch
path. CVE-2026-56877 was assigned by...
  •  
❌