
24 matches found

CVE
added 2026/06/09 5:5 p.m. | 8 views

CVE-2026-45588

CVE-2026-45588 concerns a protection mechanism failure in Windows Secure Boot that allows an authorized attacker to bypass a security feature locally. The NVD/CVE entry describes a local attack with high impact on confidentiality and integrity and no availability impact, requiring high privileges...

CVSS 7.9 | AI score 5.4 | EPSS 0.00244
Exploits 0 | References 1 | Affected Software 13
Debian
added 2026/06/01 6:4 p.m. | 8 views

[SECURITY] [DSA 6317-1] symfony security update

Debian Security Advisory DSA-6317-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 01, 2026 https://www.debian.org/security/faq -...

CVSS 7.3 | AI score 7.4 | EPSS 0.63422
Exploits 0
Vulnrichment
added 2026/06/01 5:49 p.m. | 8 views

CVE-2026-9311 IBM WebSphere Application Server is affected by remote code execution

IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

CVSS 9 | AI score 6.4 | EPSS 0.00399
Exploits 0 | References 1
RedhatCVE
added 2026/04/10 7:7 a.m. | 2 views

CVE-2026-24880

A flaw was found in Apache Tomcat. A remote attacker could exploit an inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, by sending a specially crafted request with an invalid chunk extension. This vulnerability allows an attacker to manipulate the way HTTP...

CVSS 7.5 | AI score 5.9 | EPSS 0.00453
Exploits 0 | References 4
HackRead
added 2026/02/04 8:48 a.m. | 4 views

Phishing Campaigns Abuse Trusted Cloud Platforms, Raising New Risks for Enterprises

ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users...

AI score 5.4
Exploits 0
OSV
added 2026/01/08 9:15 p.m. | 6 views

CVE-2025-15464

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls...

CVSS 7.5 | AI score 5.8 | EPSS 0.00466
Exploits 1 | References 3
NVD
added 2025/11/14 6:15 p.m. | 9 views

CVE-2025-4616

An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls...

CVSS 4.8 | EPSS 0.00079
Exploits 0 | References 1
CNNVD
added 2025/11/14 12:0 a.m. | 2 views

Palo Alto Prisma Browser Security Vulnerability

Palo Alto Prisma Browser is a secure enterprise browser from Palo Alto USA. A security vulnerability exists in Palo Alto Prisma Browser that stems from insufficient input validation, which could allow locally authenticated, non-administrative users to bypass browser security controls...

CVSS 4.8 | AI score 6.6 | EPSS 0.00079
Exploits 0 | References 1
EUVD
added 2025/10/09 6:30 p.m. | 4 views

EUVD-2025-33388

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that...

CVSS 8.6 | AI score 6.4 | EPSS 0.00277
Exploits 0 | References 3
NVD
added 2024/08/19 4:15 p.m. | 26 views

CVE-2024-6348

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima 2022 allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests...

CVSS 7.5 | EPSS 0.0041
Exploits 0 | References 1
CVE
added 2024/08/19 3:12 p.m. | 72 views

CVE-2024-6348

CVE-2024-6348 affects the Nissan Altima 2022 Blind Spot Protection Sensor ECU, specifically the UDS security access seed generation. The root cause is predictable seed generation, enabling an attacker to forecast the requested seeds and bypass security controls by repeatedly resetting the ECU and...

CVSS 7.5 | AI score 7 | EPSS 0.0041
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2024/08/19 3:12 p.m. | 23 views

CVE-2024-6348 Predictable seed generation after ECU reset

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima 2022 allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests...

CVSS 5.3 | AI score 7 | EPSS 0.0041
Exploits 0 | References 1
Cvelist
added 2024/08/19 3:12 p.m. | 28 views

CVE-2024-6348 Predictable seed generation after ECU reset

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima 2022 allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests...

CVSS 5.3 | EPSS 0.0041
Exploits 0 | References 1
Securelist
added 2024/05/22 10:0 a.m. | 15 views

Stealers, stealers and more stealers

Introduction Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers see here, here and here, and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid a new...

AI score 7.7
Exploits 0
BDU FSTEC
added 2024/04/16 12:0 a.m. | 2 views

The vulnerability in the implementation of the Secure Boot protocol for operating systems with security features allows a perpetrator to circumvent security restrictions.

The vulnerability of the Secure Boot protocol for operating systems running Windows is related to a breach in the data protection mechanism. Exploiting this vulnerability could allow an attacker to circumvent security restrictions...

CVSS 6.8 | AI score 7.7 | EPSS 0.00636
Exploits 0 | References 2
CNNVD
added 2022/06/23 12:0 a.m. | 4 views

Dell BIOS Input Validation Error Vulnerability

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. An input validation error vulnerability exists in Dell BIOS, which can be exploited by a locally authenticated attacker to bypass security controls in SMM by sending malicious input to SMI...

CVSS 7.8 | AI score 5.7 | EPSS 0.00257
Exploits 0 | References 2
ATTACKERKB
added 2022/06/21 12:0 a.m. | 2 views

CVE-2022-26862

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM...

CVSS 7.8 | AI score 5.9 | EPSS 0.00257
Exploits 0 | References 2
BDU FSTEC
added 2022/03/28 12:0 a.m. | 4 views

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to security configuration errors, allowing attackers to bypass security measures.

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to security configuration errors. Exploiting this vulnerability can allow attackers to bypass security measures...

CVSS 5.5 | AI score 6.6 | EPSS 0.01895
Exploits 0 | References 4
CNNVD
added 2021/11/18 12:0 a.m. | 18 views

Hitachi Energy Relion Access Control Error Vulnerability

Hitachi Energy Relion is used by Hitachi Energy Switzerland to protect, control, measure, and monitor power systems. A security vulnerability exists in the internal database access mechanism of the Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600, which arises from the product'...

CVSS 9 | AI score 7 | EPSS 0.01666
Exploits 0 | References 7
CVE
added 2020/04/02 10:13 p.m. | 59 views

CVE-2020-11498

CVE-2020-11498 affects Slack Nebula up to version 1.1.0. A relative-path vulnerability in the tunnel drivers tun_darwin.go and tun_windows.go allows a low-privileged attacker to execute code in the context of the root user, with potential user-context execution as well. The issue enables path tra...

CVSS 8.8 | AI score 8.9 | EPSS 0.03395
Exploits 1 | References 2 | Affected Software 1