EUVD-2026-38787

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2026-57306

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2026-57306

Jenkins Zowe zDevOps Plugin

CVE-2026-44913

Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not...

CVE-2026-44913

CVE-2026-44913 concerns Apache NiFi’s CaptureChangeMySQL Processor. The vulnerability arises from improper escaping of database table names, enabling SQL injection through crafted naming in NiFi versions 1.2.0–2.9.0. The issue can be partially mitigated by prior hardening (e.g., manual quoted bou...

CVE-2026-12033

The following flaw was identified in the Chromium browser: Out of bounds read VideoCapture. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=519248779...

kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...

EUVD-2026-38024

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...

CVE-2026-47341 Apache APISIX: Session replay issue in hmac-auth

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...

Astra Linux – Vulnerability in Wireshark

A large loop exists in the Bluetooth DHT dissector in Wireshark versions 3.4.0 to 3.4.9, and 3.2.0 to 3.2.17, which allows for denial of service through packet injection or with crafted capture files...

PT-2026-50887

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.11.0 through 3.16.0 Description An authentication bypass exists due to a capture-replay issue. An attacker can leverage specific configurations in the hmac-auth module to reuse a token indefinitely, effectively bypassi...

MAL-2026-6081 Malicious code in disksweep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e On every import disksweep, the package's top-level src/disksweep/init.py lines 18-24 calls ctypes.CDLL on a 2.9 MB Windows binary parser.pyd shipped...

CVE-2026-46779

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3 to compromise Oracl...

CVE-2026-46782

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVE-2026-46781

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise...

CVE-2026-46778

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise...

CVE-2026-35283

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise...

CVE-2026-35280

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise...

CVE-2026-35284

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise...