
5365 matches found

Nuclei
added 16 hours ago | 2 views

N-able N-central < 2024.2 - Authentication Bypass Detection

N-central server versions prior to 2024.2 contain an authentication bypass in the user interface that lets attackers access restricted areas without proper credentials; exploitation requires no specific conditions. id: CVE-2024-28200 info: name: N-able N-central 2024.2 - Authentication Bypass Detection...

9.8 CVSS | 5.8 AI score | 0.49055 EPSS
Exploits 0 | References 4
Nuclei
added yesterday | 48 views

D-Link Central WifiManager - Server-Side Request Forgery

D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...

8.6 CVSS | 7.3 AI score | 0.76866 EPSS
Exploits 3 | References 5
Tenable Nessus
added yesterday | 2 views

SUSE SLES15 Security Update : kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2189-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2189-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues. The following security issues were fixed: -...

7.8 CVSS | 6.1 AI score | 0.00254 EPSS
Exploits 12 | References 16
Nuclei
added 2 days ago | 17 views

D-Link Central WiFi Manager CWM(100) - Remote Code Execution

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. id: CVE-2019-13372 info:...

9.8 CVSS | 7.7 AI score | 0.92907 EPSS
Exploits 4 | References 4
Github Security Blog
added 2026/05/27 9:11 p.m. | 10 views

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trusted_hosts setting is not configured (the default). An attacker who controls any other application registered with the same CAS server...

5.8 AI score
Exploits 0 | References 6 | Affected Software 2
CNNVD
added 2026/05/27 12:0 a.m. | 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an oversight in AppArmor where the counter for each CPU’s cache holdings does not check for...

5.8 AI score | 0.00023 EPSS
Exploits 0 | References 4
IBM Security Bulletins
added 2026/05/21 3:35 p.m. | 4 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query when running an AUTONOMOUS procedure (CVE-2026-1718)

Summary: IBM® Db2® is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled. Vulnerability Details: CVEID: CVE-2026-1718. DESCRIPTION: IBM Db2 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are...

7.5 CVSS | 5.8 AI score | 0.00042 EPSS
Exploits 0 | Affected Software 1
Packet Storm News
added 2026/05/19 12:0 a.m. | 3 views

XAI FL-IDS: A Federated Learning and SHAP-Based Explainable Framework for Distributed Intrusion Detection Systems

An Intrusion Detection System (IDS) is vital in cybersecurity, detecting unauthorized activity across networks. With attacks on network layers increasing, stronger IDSs are needed. Yet most IDSs rely on centralized detection, forcing IoT nodes to ship data to a server, adding overhead and offering ...

5.8 AI score
Exploits 0
Tenable Nessus
added 2026/05/15 12:0 a.m. | 1 views

Security Updates for Microsoft Dynamics 365 Business Central (May 2026) (CVE-2026-40417)

The Microsoft Dynamics 365 Business Central install is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability: - Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. CVE-2026-40417 Note that Nessus...

7.8 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 0 | References 5
CNNVD
added 2026/05/15 12:0 a.m. | 3 views

Krajowa Izba Rozliczeniowa SzafirHost code issue vulnerability

Krajowa Izba Rozliczeniowa SzafirHost is an electronic signature server component developed by the Polish company Krajowa Izba Rozliczeniowa. It provides certificate management and signature processing capabilities. Versions of Krajowa Izba Rozliczeniowa SzafirHost prior to 1.2.1 had code...

8.6 CVSS | 6.2 AI score | 0.00442 EPSS
Exploits 0 | References 1
Microsoft Secure
added 2026/05/14 3:0 p.m. | 8 views

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

6.1 AI score
Exploits 0
Wolfi
added 2026/05/14 1:48 a.m. | 8 views

CVE-2026-44289 vulnerabilities

Vulnerabilities for packages: pulumi, renovate, vitess, kubeflow-centraldashboard...

7.5 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits 0
Wolfi
added 2026/05/14 1:48 a.m. | 10 views

GHSA-FX83-V9X8-X52W vulnerabilities

Vulnerabilities for packages: pulumi, renovate, vitess, kubeflow-centraldashboard...

5.8 AI score
Exploits 0
Positive Technologies
added 2026/05/14 12:0 a.m. | 4 views

PT-2026-41159

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.152.1. Description: Local authenticated users can cause the system to starve other requests of CPU resources, leading to request failures and a denial of service for other users. Homeservers that trust all their local...

7.1 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits 0 | References 10
RedhatCVE
added 2026/05/13 8:22 p.m. | 6 views

CVE-2026-40417

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally...

7.8 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 0 | References 1
EUVD
added 2026/05/12 6:30 p.m. | 4 views

EUVD-2026-29674

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally...

7.8 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 0 | References 2
NVD
added 2026/05/12 6:17 p.m. | 6 views

CVE-2026-40417

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally...

7.8 CVSS | 0.00045 EPSS
Exploits 0 | References 1
Cvelist
added 2026/05/12 4:58 p.m. | 27 views

CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

...

7.8 CVSS | 0.00045 EPSS
Exploits 0 | References 1
CVE
added 2026/05/12 4:58 p.m. | 12 views

CVE-2026-40417

Technical details are not publicly available in the provided documents. Monitor for updates.

7.8 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/05/12 4:58 p.m. | 3 views

CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

...

7.8 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 0 | References 1