12982 matches found
EUVD-2026-36540
parse-server: Endpoints /login and /verifyPassword disclose MFA secrets and protected fields when User get is denied...
Siemens SIPROTEC 5 Small Space of Random Values (CVE-2024-54017)
Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization. This plugin only works with...
CVE-2024-27928
CVE-2024-27928 (Vantage6) describes a vulnerability in Vantage6 prior to 5.0.0 where an attacker with access to a user’s email can first reset the account password, then reset the 2FA token via email, effectively reducing 2FA to 1FA. This is tied to emails being used as a recovery vector and reli...
CVE-2026-53606
ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use the allowedSchemesAppliedToAttributes default ('href', 'src', 'cite') to gate the naughtyHref function that blocks...
SUSE CVE-2026-11850
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
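The unchecked subtraction in the MIT krb5 entry above, shown as an added example that is not krb5 code: Python emulates C's size_t so that bvlen - 2 wraps instead of going negative, and the hardened variant rejects the input first. The record layout (a 2-byte type prefix followed by the payload), the byte order and all function names are assumptions chosen to illustrate the arithmetic; the advisory text on this page is cut off before saying what consumes the wrapped value, so the example stops at producing it.

```python
"""Unsigned-underflow illustration (added example, not krb5's berval2tldata).
Layout assumption: berval = 2-byte type prefix + payload, big-endian type."""
SIZE_T_BITS = 64
SIZE_T_MASK = (1 << SIZE_T_BITS) - 1


def size_t_sub(a: int, b: int) -> int:
    """Unsigned subtraction as C's size_t does it: wraps modulo 2**64, never negative."""
    return (a - b) & SIZE_T_MASK


def payload_length_unchecked(bvlen: int) -> int:
    """The flawed form: bvlen - 2 computed before anyone asks whether bvlen >= 2."""
    return size_t_sub(bvlen, 2)


def payload_length_checked(bvlen: int) -> int:
    """The hardened form: refuse bervals that cannot even hold the 2-byte prefix."""
    if bvlen < 2:
        raise ValueError(f"berval of {bvlen} byte(s) is too short for a 2-byte type prefix")
    return bvlen - 2


def parse_tl_record(bv: bytes, checked: bool) -> dict:
    """Split a berval into (type, length, contents).

    With checked=False a 0- or 1-byte input yields a length close to 2**64,
    far larger than the buffer it was derived from; in native code that is the
    value the rest of the routine would go on to trust.  (Python slicing clamps
    the oversized bound, so here it only shows up in the reported length.)
    """
    bvlen = len(bv)
    length = payload_length_checked(bvlen) if checked else payload_length_unchecked(bvlen)
    tl_type = int.from_bytes(bv[:2], "big") if bvlen >= 2 else None  # byte order assumed
    return {"type": tl_type, "length": length, "contents": bv[2:2 + length]}


def wrapped_lengths() -> dict:
    """Unchecked length for the two underflowing sizes and two sane ones."""
    return {n: payload_length_unchecked(n) for n in (0, 1, 2, 10)}


if __name__ == "__main__":
    for n, length in wrapped_lengths().items():  # constructed sample sizes
        print(f"bvlen={n:2d} -> unchecked length {length:#x}")
    print(parse_tl_record(b"\x00\x01abc", checked=True))
    try:
        parse_tl_record(b"\x00", checked=True)
    except ValueError as exc:
        print("checked parser rejected it:", exc)
```

The check must be `bvlen < 2`, not `bvlen - 2 < 0`: the second form is never true for an unsigned type, which is exactly how the original subtraction slips through.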
PT-2026-48961
Name of the Vulnerable Software and Affected Versions: Parse Server versions 9.8.0 through 9.9.1-alpha.4. Description: Applications that enable Multi-Factor Authentication (MFA) and restrict the get permission on the User class via Class-Level Permissions (CLP) may expose sensitive user data. The issue...
Critical Photon OS Security Update - PHSA-2026-5.0-0876
Updates of 'bindutils' packages of Photon OS have been released...
PT-2026-48372
Name of the Vulnerable Software and Affected Versions: File Station 5 versions prior to 5.5.6.5208. Description: A buffer overflow occurs when a program writes more data to a memory buffer than it can hold, potentially overwriting adjacent memory. A remote attacker with a user account can exploit th...
QNAP File Station buffer error vulnerability
QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. QNAP Systems File Station 5 has a security vulnerability that stems from a buffer overflow issue. This vulnerability could allow remote attackers to modify memory after obtaining...
Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You
Anthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks...
CVE-2026-49975 affecting package nginx for versions less than 1.28.3-5
CVE-2026-49975 affecting package nginx for versions less than 1.28.3-5. A patched version of the package is available...
CVE-2026-29181 affecting package ignition-flatcar for versions less than 2.22.0-5
CVE-2026-29181 affecting package ignition-flatcar for versions less than 2.22.0-5. A patched version of the package is available...
CVE-2026-7790 affecting package rabbitmq-server for versions less than 3.13.7-5
CVE-2026-7790 affecting package rabbitmq-server for versions less than 3.13.7-5. A patched version of the package is available...
CVE-2026-43968 affecting package rabbitmq-server for versions less than 3.13.7-5
CVE-2026-43968 affecting package rabbitmq-server for versions less than 3.13.7-5. A patched version of the package is available...
CVE-2026-33814 affecting package ignition-flatcar for versions less than 2.22.0-5
CVE-2026-33814 affecting package ignition-flatcar for versions less than 2.22.0-5. A patched version of the package is available...
CVE-2026-33814 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-5
CVE-2026-33814 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-5. A patched version of the package is available...
CVE-2026-11235
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-05 06:00:41+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnjhkpzpkm22 |
| 2026-06-05 13:24:32+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/116697713800926918 |
| 2026-06-07 18:00:00+00:00 | seen | ... |
CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...
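The caching mistake in the Django entry above, as an added example that is not Django's code: a minimal Vary-aware cache stores the response to an authenticated request, and because Authorization is not in Vary the cache key ignores who asked, so the next caller with a different token receives the first caller's private body. The mini cache, its method names and the sample requests are constructed for this example; the hardened branch adds Authorization to Vary under the condition the advisory states (request carries Authorization, response is not Cache-Control: public) and is my reconstruction of the behaviour, not the upstream patch.

```python
"""Vary: Authorization illustration (added example, not django.middleware.cache).
Assumed names: vary_cache_key, MiniUpdateCache, run_scenario; sample requests constructed."""
import hashlib
from typing import Dict, Optional, Tuple


def _lower(headers: Dict[str, str]) -> Dict[str, str]:
    """Header names are case-insensitive; normalise once so lookups are reliable."""
    return {k.lower(): v for k, v in headers.items()}


def vary_cache_key(url: str, vary: Tuple[str, ...], request_headers: Dict[str, str]) -> str:
    """Key = URL plus the request's value for every header named in Vary.
    A header absent from Vary contributes nothing, so it cannot separate users."""
    req = _lower(request_headers)
    h = hashlib.sha256(url.encode())
    for name in vary:
        h.update(b"\x00" + name.lower().encode() + b"=" + req.get(name.lower(), "").encode())
    return h.hexdigest()


class MiniUpdateCache:
    """Stores responses keyed the way a Vary-aware cache does.
    add_authorization_to_vary=False reproduces the flaw; True is the hardened variant."""

    def __init__(self, add_authorization_to_vary: bool) -> None:
        self.fix = add_authorization_to_vary
        self.vary_for_url: Dict[str, Tuple[str, ...]] = {}  # "learned" Vary list per URL
        self.store: Dict[str, str] = {}                      # cache key -> cached body

    def process_response(self, url: str, request_headers: Dict[str, str],
                         response_headers: Dict[str, str], body: str) -> Tuple[str, ...]:
        """Cache the response; return the Vary list actually used for the key."""
        req, resp = _lower(request_headers), _lower(response_headers)
        vary = tuple(v.strip() for v in resp.get("vary", "").split(",") if v.strip())
        cache_control = resp.get("cache-control", "").lower()  # substring test is a simplification
        if self.fix and "authorization" in req and "public" not in cache_control:
            if "authorization" not in {v.lower() for v in vary}:
                vary += ("Authorization",)
        self.vary_for_url[url] = vary
        self.store[vary_cache_key(url, vary, request_headers)] = body
        return vary

    def lookup(self, url: str, request_headers: Dict[str, str]) -> Optional[str]:
        """Return the cached body for this request, or None on a miss."""
        vary = self.vary_for_url.get(url)
        if vary is None:
            return None
        return self.store.get(vary_cache_key(url, vary, request_headers))


def run_scenario(hardened: bool) -> Optional[str]:
    """Alice's authenticated response is cached; return what Mallory then receives."""
    cache = MiniUpdateCache(add_authorization_to_vary=hardened)
    url = "/api/me"
    alice = {"Authorization": "Bearer alice-token"}      # constructed sample request
    mallory = {"Authorization": "Bearer mallory-token"}  # different user, same URL
    # The response carries no Cache-Control: public, so it is private to Alice.
    cache.process_response(url, alice, {"Content-Type": "text/plain"}, "alice: private profile")
    return cache.lookup(url, mallory)


if __name__ == "__main__":
    print("unpatched:", run_scenario(hardened=False))
    print("hardened :", run_scenario(hardened=True))
```

Adding Authorization to Vary is the narrow fix the advisory describes; it still lets the same token get a cache hit, which is usually what an application cache wants. A shared cache in front of the application should be stricter: RFC 9111 section 3.5 forbids storing a response to a request with Authorization unless Cache-Control explicitly permits it (for example public, must-revalidate or s-maxage), so check that layer separately rather than relying on Vary alone.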
CVE-2026-42304 affecting package python-twisted for versions less than 22.10.0-5
CVE-2026-42304 affecting package python-twisted for versions less than 22.10.0-5. A patched version of the package is available...
CVE-2026-46597 affecting package kubevirt for versions less than 1.7.1-5
CVE-2026-46597 affecting package kubevirt for versions less than 1.7.1-5. A patched version of the package is available...