
161214 matches found

Snyk
added 2026/05/19 5:0 a.m., 10 views

Client-Side Enforcement of Server-Side Security

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security through the processAction registration flow in the WebAuthn...

5.3 CVSS, 5.5 AI score, 0.00377 EPSS
Exploits 0, References 3

RedhatCVE
added 2026/05/19 1:58 a.m., 12 views

CVE-2026-8745

A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogstimeradd in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...

6.5 CVSS, 5.5 AI score, 0.00372 EPSS
Exploits 1, References 1

Positive Technologies
added 2026/05/19 12:0 a.m., 9 views

PT-2026-42012

Name of the Vulnerable Software and Affected Versions: Joplin versions prior to 3.7.1. Description: A Denial of Service (DoS) flaw exists in the title input functionality due to missing length validation. An attacker can trigger an Out Of Memory (OOM) error, leading to program termination, by inserting ...

5.5 CVSS, 5.9 AI score, 0.00159 EPSS
Exploits 0, References 6

EUVD
added 2026/05/19 12:0 a.m., 14 views

EUVD-2026-30953

An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...

9.8 CVSS, 5.8 AI score, 0.01268 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/05/19 12:0 a.m., 12 views

PT-2026-41988

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

8.8 CVSS, 5.9 AI score, 0.00448 EPSS
Exploits 0, References 2

Nvidia
added 2026/05/19 12:0 a.m., 9 views

Security Bulletin: NVIDIA Triton Inference Server - May 2026

NVIDIA has released a software update for NVIDIA® Triton Inference Server. To protect your system, clone or update this software to Triton Server r26.03 or later from the NVIDIA Triton Inference Server GitHub repo. Go to NVIDIA Product Security. Details: The following table summarizes the potentia...

9.8 CVSS, 5.9 AI score, 0.00828 EPSS
Exploits 2, Affected Software 1

Positive Technologies
added 2026/05/19 12:0 a.m., 15 views

PT-2026-41947

An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...

8.4 CVSS, 5.8 AI score, 0.00162 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/05/19 12:0 a.m., 7 views

CVE-2026-31069

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

6.1 AI score, 0.00365 EPSS
Exploits 0, References 4

OSV
added 2026/05/19 12:0 a.m., 9 views

MAL-2026-4111 Malicious code in @antv/x6-plugin-transform (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits 0, References 5

EUVD
added 2026/05/19 12:0 a.m., 12 views

EUVD-2026-30949

API endpoints in LalanaChami Pharmacy Management System commit 5c3d028 lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records including bcrypt password hashes via /api/user/getUserData, modify drug inventory, and access private medical...

5.8 AI score, 0.00545 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/05/19 12:0 a.m., 11 views

PT-2026-41968

Name of the Vulnerable Software and Affected Versions: Mailpit (affected versions not specified). Description: Unauthenticated remote attackers can cause a denial of service (DoS) by sending arbitrarily large messages via the SMTP server or the HTTP API. The application fails to enforce limits on the...

7.5 CVSS, 5.9 AI score, 0.00099 EPSS
Exploits 0, References 5

Positive Technologies
added 2026/05/19 12:0 a.m., 8 views

PT-2026-41859

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 24.09.06. Description: Improper Authentication occurs due to a password-change logic flaw, which can lead to Remote Code Execution (RCE), a process where an attacker can execute arbitrary commands on the target...

9.8 CVSS, 6.1 AI score, 0.22876 EPSS
Exploits 0, References 10

CNNVD
added 2026/05/19 12:0 a.m., 8 views

Keycloak Security Vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from a session fixation issue in the login endpoint. This vulnerability could allow unauthenticated attackers to intercept the authentication process,...

7.5 CVSS, 5.8 AI score, 0.00409 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/05/19 12:0 a.m., 6 views

CVE-2026-36829

An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...

9.8 CVSS, 5.8 AI score, 0.01268 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/05/19 12:0 a.m., 13 views

PT-2026-41944

Name of the Vulnerable Software and Affected Versions: LalanaChami Pharmacy Management System version 5c3d028. Description: Certain API endpoints lack authentication middleware, allowing unauthenticated remote attackers to access sensitive data and perform unauthorized actions. Specifically, the...

9.1 CVSS, 5.8 AI score, 0.00545 EPSS
Exploits 0, References 4

Positive Technologies
added 2026/05/19 12:0 a.m., 13 views

PT-2026-41850

Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8 AI score, 0.00515 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/05/19 12:0 a.m., 10 views

PT-2026-41894

Name of the Vulnerable Software and Affected Versions: Sparx Enterprise Architect versions 17.1 and earlier. Description: A security feature intended to limit user actions based on assigned roles can be bypassed. An authenticated attacker can modify the client behavior, for example by using a...

8.7 CVSS, 5.8 AI score, 0.00401 EPSS
Exploits 2, References 7

Cvelist
added 2026/05/19 12:0 a.m., 31 views

CVE-2025-61081

...

0.00029 EPSS
Exploits 0

CNNVD
added 2026/05/19 12:0 a.m., 6 views

CtrlPanel.gg Security Vulnerability

CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg prior to 1.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the management settings update endpoint accepting user-provided class names and using th...

6.6 CVSS, 6.5 AI score, 0.00532 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/05/19 12:0 a.m., 10 views

PT-2026-41935

Name of the Vulnerable Software and Affected Versions: HestiaCP versions 1.2.0 through 1.9.4. Description: An IP spoofing issue allows unauthenticated remote attackers to bypass authentication security controls. This occurs when the system accepts an arbitrary IP address provided in the...

8.7 CVSS, 6 AI score, 0.00241 EPSS
Exploits 0, References 9