9293 matches found

CVE
added 2026/01/23 2:28 p.m. | 15 views

CVE-2026-24535

CVE-2026-24535 affects the WordPress plugin Automatic Featured Images from Videos up to version 1.2.7) or applying vendor mitigation. Connected material notes the vulnerable plugin, the affected version range, and that public advisories converge on updating beyond 1.2.7; exploitation status and i...

4.3 CVSS | 5.4 AI score | 0.00201 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/23 12:0 a.m. | 8 views

PT-2026-4383

Name of the Vulnerable Software and Affected Versions Automatic Featured Images from Videos versions through 1.2.7 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. Recommendations Update Automatic Featured Images from...

5.3 AI score | 0.00201 EPSS
Exploits: 0 | References: 3
Packet Storm News
added 2026/01/20 12:0 a.m. | 4 views

A Survey of Security Challenges and Solutions for Advanced Air Mobility and EVTOL Aircraft

This survey reviews the existing and envisioned security vulnerabilities and defense mechanisms relevant to Advanced Air Mobility AAM systems, with a focus on electric vertical takeoff and landing eVTOL aircraft. Drawing from vulnerabilities in the avionics in commercial aviation and the automate...

5.6 AI score
Exploits: 0
Talos
added 2026/01/20 12:0 a.m. | 7 views

MedDream PACS Premium autoPurge reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2253 MedDream PACS Premium autoPurge reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54817 SUMMARY A reflected cross-site scripting xss vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.87...

6.1 CVSS | 5.8 AI score | 0.00235 EPSS
Exploits: 1
Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 7 : realmd-0.16.1-5.el7 (AXSA:2015-654:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-654:01 advisory. realmd is a DBus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA. The control center uses realmd as t...

5 CVSS | 5.8 AI score | 0.02915 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/01/15 11:53 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ACME TLS certificates' automatic generation. An attacker can exhaust system resources by opening multiple connections, sending minimal ClientHello messages with acme-tls/1, an...

8.2 CVSS | 6.6 AI score | 0.00321 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/01/15 10:58 p.m. | 4 views

EUVD-2026-2949

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall...

5.9 CVSS | 6.4 AI score | 0.00321 EPSS
Exploits: 0 | References: 6
Vulnrichment
added 2026/01/15 10:44 p.m. | 3 views

CVE-2026-22045 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the...

5.9 CVSS | 5.6 AI score | 0.00321 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/15 12:0 a.m. | 4 views

PT-2026-3141

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.35 and 3.6.7 Description Traefik, an HTTP reverse proxy and load balancer, has a potential issue in its ACME TLS certificates' automatic generation. The ACME TLS-ALPN fast path can allow unauthenticated clients t...

5.9 CVSS | 6.5 AI score | 0.00321 EPSS
Exploits: 0 | References: 13
FreeBSD
added 2026/01/15 12:0 a.m. | 5 views

traefik -- ACME TLS-ALPN fast path potential DoS

The traefik project reports: There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client ca...

7.5 CVSS | 5.3 AI score | 0.00321 EPSS
Exploits: 0 | References: 1
OSV
added 2026/01/14 3:15 p.m. | 2 views

UBUNTU-CVE-2025-71108

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect numconnectors capability The UCSI spec states that the numconnectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to set this bit, and it...

5.5 CVSS | 5.7 AI score | 0.00123 EPSS
Exploits: 0 | References: 37
hivepro
added 2026/01/12 12:58 p.m. | 9 views

Firefox Security Vulnerabilities: An Expert Guide

For any vulnerability management team, the daily flood of alerts can be overwhelming. When your scanner flags dozens of new CVEs, it’s easy to see browser-related issues as lower priority. Yet, a critical flaw in a widely used application like Firefox can be the initial foothold an attacker needs...

10 CVSS | 7.2 AI score | 0.01894 EPSS
Exploits: 1
RedhatCVE
added 2026/01/09 11:54 a.m. | 15 views

CVE-2009-4314

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking AMGH is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device...

4.4 CVSS | 6.8 AI score | 0.00333 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 11:50 a.m. | 6 views

CVE-2009-4357

CQWeb aka the web interface in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors...

5 CVSS | 6.8 AI score | 0.01076 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 9:54 a.m. | 8 views

CVE-2020-10581

Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management ADM through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...

7.5 CVSS | 6.9 AI score | 0.01348 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:53 a.m. | 8 views

CVE-2020-10583

The /admin/admapi.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application...

9 CVSS | 7.6 AI score | 0.02765 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 9:51 a.m. | 10 views

CVE-2020-10579

A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application...

7.5 CVSS | 7.2 AI score | 0.02197 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:51 a.m. | 7 views

CVE-2020-10580

A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...

8.8 CVSS | 8 AI score | 0.03913 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 8:47 a.m. | 6 views

CVE-2025-23879

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PillarDev Easy Automatic Newsletter Lite easy-automatic-newsletter allows Reflected XSS. This issue affects Easy Automatic Newsletter Lite: from n/a through = 3.2.0...

7.1 CVSS | 5.9 AI score | 0.00363 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/01/09 12:0 a.m. | 3 views

Fastjson Security Vulnerability

Fastjson is a Java-based fast JSON parser/generator open-sourced by Alibaba. Fastjson versions prior to 1.2.48 contain a security vulnerability that stems from improper handling of automatic types, which may lead to JNDI injection attacks...

10 CVSS | 9.4 AI score | 0.0069 EPSS
Exploits: 0 | References: 7