219105 matches found
Migration assessment Security Vulnerability
Migration assessment is an open-source tool developed by KubeV2V for evaluating and providing migration recommendations for VMware environments. There is a security vulnerability in Migration assessment. This vulnerability stems from the /api/v1/sources/id/image-url endpoint, where improper acces...
Boxlite Access Control Error Vulnerability
BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the lack o...
Migration Planner UI Access Control Error Vulnerability
The Migration Planner UI is an open-source migration planning frontend tool developed by KubeV2V. The Migration Planner UI has an access control vulnerability. This vulnerability stems from the lack of proper authorization and filtering in the /api/v1/sources route, which may allow authenticated...
Android Wireless ADB Wireless Port Checker
This is some simple C code to scan for an open Android Wireless ADB port on tcp/5555...
PT-2026-48433
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent action app/routes/smon/agent routes.py:166-179 has decorators @bp.post'/agent/action/' and @jwt required only — no role check, no group ownership check on the server ip form...
PT-2026-48499
🚨 CVE-2026-20259 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owne...
PT-2026-48516
Name of the Vulnerable Software and Affected Versions: TP-Link Archer AX12 v1, TP-Link Archer AX17 v1, TP-Link Archer AX18 v1, TP-Link Archer AX1300 v1.6. Description: An OS command injection issue exists in the VPN module. This occurs due to improper filtering of special characters, allowing an...
PT-2026-48519
Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions allow multiple metrics, separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the names...
Splunk Cloud Platform and Splunk Enterprise Access Control Error Vulnerability
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Vulnerabilities in access control...
Splunk SOAR Security Vulnerability
Splunk SOAR is a security orchestration, automation, and response platform provided by Splunk Inc. Versions of Splunk SOAR prior to 8.5.0 contained a security vulnerability. This vulnerability stemmed from SOAR failing to strip control characters from the HTTP request path before writing...
VMware Spring Data REST Access Control Error Vulnerability
VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build domain models based on Spring Data repositories, and to expose hypermedia-driven HTTP resources for aggregates contained within those models. VMware Spring Data REST versions 3.7.0 and earlier...
Splunk Cloud Platform and Splunk Enterprise Access Control Error Vulnerability
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an access control...
ROS-20260610-73-0030
The vulnerability in Thunderbird is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to increase their privileges...
ROS-20260610-73-0009
The vulnerability in Thunderbird is related to deficiencies in access control for personal information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
MARCIM-WG: A Cyber Wargame Proposal Based on Math Modeling Applied in a Naval Scenario
As maritime operations increasingly depend on interconnected digital ecosystems, cyber incidents can propagate across maritime networks and degrade critical services. Strengthening strategic Cyber Situational Awareness (CSA) therefore requires training mechanisms that expose decision-makers to...
PT-2026-48444
Name of the Vulnerable Software and Affected Versions: migration-planner (affected versions not specified). Description: An improper access control flaw exists in the '/api/v1/sources/id/image-url' endpoint. An authenticated attacker can bypass ownership checks to obtain presigned S3 URLs for Open...
Splunk Enterprise 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0609)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0609 advisory. - In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12,...
Dex: Token-exchange endpoint is missing AllowedConnectors enforcement
Summary: server/handlers.go::handleTokenExchange (lines 1804-1893) does not call isConnectorAllowed(client.AllowedConnectors, connID) before issuing tokens, while sibling handlers do. This is a per-client connector ACL gap on the token-exchange endpoint; the redirect-flow paths enforce the same field...
GHSA-7QJX-GP9H-65QJ Dex: Token-exchange endpoint is missing AllowedConnectors enforcement
Summary: server/handlers.go::handleTokenExchange (lines 1804-1893) does not call isConnectorAllowed(client.AllowedConnectors, connID) before issuing tokens, while sibling handlers do. This is a per-client connector ACL gap on the token-exchange endpoint; the redirect-flow paths enforce the same field...
CVE-2026-47907
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...