CVE ID :CVE-2026-29782 Published : April 2, 2026, 2:16 p.m. | 57 minutes ago Description :OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint ($skip_permissions = true). It loads a record from the zz_oauth2 table using the attacker-controlled GET parameter state, and during the OAuth2 configuration flow calls unserialize() on the access_token field without any class restriction. This issue has been patched in version 2.10.2. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...