CVE-2026-21789 HCL Connections is vulnerable to broken access control

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...

EUVD-2026-29571

Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability...

EUVD-2026-30790

DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit th...

Access Control Bypass

Overview sulu/sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Affected versions of this package are vulnerable to Access Control Bypass in the users endpoint controller, which exposes the apiKey field to logged-in users who have permission for...

TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-009...

CVE-2026-45190

A flaw was found in Net::CIDR::Lite, a Perl module for handling IP address ranges. This vulnerability allows a remote attacker to bypass IP Access Control Lists ACLs due to improper validation of IP address and CIDR Classless Inter-Domain Routing mask inputs. Specifically, inputs containing...

MAL-2026-3830 Malicious code in @zentrafinance/contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 867d053632b3bcc143ed8f9f0f75a1dccdc210cede972e8006d698ef796793e5 The package @zentrafinance/contracts was found to contain malicious code. Source: ghsa-malware...

Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign

Government Backed Hackers abused Cloudflare storage services in a Malaysian espionage campaign involving hidden C2 systems and data exfiltration...

SUSE CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-6343 Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

EUVD-2026-30753

Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite...

BIT-GITLAB-2026-6063 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

BIT-GITLAB-2026-3607 Access Control Check Implemented After Asset is Accessed in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control...

BIT-GITLAB-2026-3160 Unintended Proxy or Intermediary ('Confused Deputy') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a...

Claude HUD 安全漏洞

Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of raw cwd and branchUrl values to construct OSC 8 terminal...

Mattermost 访问控制错误漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, as well as 11.4.3 and earlier 11.4.x series, have a access control vulnerability. This vulnerability stems from the failure to validat...

PT-2026-41722

Name of the Vulnerable Software and Affected Versions HCL Connections affected versions not specified Description Broken access control may allow an unauthorized user to update data in certain scenarios. Recommendations At the moment, there is no information about a newer version that contains a...

HCL Connections 安全漏洞

HCL Connections is a corporate collaboration platform developed by the Indian company HCL. There is a security vulnerability in HCL Connections, which stems from ineffective access control. This vulnerability may allow unauthorized users to update data in certain scenarios...

Federated Naive Bayes with Real Mixture of Gaussians and Institutional Governance Regularization for Network Intrusion Detection

Federated learning for intrusion detection rests on a flawed premise: that every participating institution contributes equally to the shared model. In practice, a financial institution with mature security controls and low vulnerability exposure produces fundamentally different data than a...

PT-2026-41704

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...