88 matches found
CVE-2026-0393
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...
PT-2026-42450
Name of the Vulnerable Software and Affected Versions: CODESYS Visualization (affected versions not specified). Description: Insufficient isolation of authentication data may cause the remote exposure of credentials between low privileged visualization users during concurrent login operations. This...
CVE-2026-35038
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...
EUVD-2026-18396
Signal K Server: Arbitrary Prototype Read via `from` Field Bypass...
CVE-2026-35038 signalk-server: Arbitrary Prototype Read via `from` Field Bypass
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...
CVE-2026-35038
CVE-2026-35038 affects Signal K Server (prior to v2.24.0). Affected component: prototype boundary filtering in the global prototype object accessed via the `from` field, allowing a low-privileged authenticated user to bypass filtering and read internal functions/properties, violating data isolation...
CVE-2025-13995 IBM QRadar SIEM Information Disclosure
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account...
A Framework for Formalizing LLM Agent Security
Security in LLM agents is inherently contextual. For example, the same action taken by an agent may represent legitimate behavior or a security violation depending on whose instruction led to the action, what objective is being pursued, and whether the action serves that objective. However,...
Apple patches WebKit bug that could let sites access your data
Apple has released a Background Security Improvement to patch a flaw that could allow malicious websites to bypass browser protections and access data from other sites. What is it? The patched WebKit vulnerability is described as: “A cross-origin issue in the Navigation API was addressed with...
AgenticCyOps: Securing Multi-Agentic AI Integration in Enterprise Cyber Operations
Multi-agent systems (MAS) powered by LLMs promise adaptive, reasoning-driven enterprise workflows, yet granting agents autonomous control over tools, memory, and communication introduces attack surfaces absent from deterministic pipelines. While current research largely addresses prompt-level...
CVE-2026-25811 PlaciPy Email Domain Trust Enables Cross-Tenant Data Access (Multi-Tenant Isolation Failure)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access...
MiracleLinux 9 : webkit2gtk3-2.46.3-2.el9_5 (AXSA:2024-9454:08)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9454:08 advisory. webkitgtk: data isolation bypass vulnerability (CVE-2024-44309) Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 8 : webkit2gtk3-2.46.3-2.el8_10.ML.1 (AXSA:2024-9047:06)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9047:06 advisory. webkitgtk: data isolation bypass vulnerability (CVE-2024-44309) Tenable has extracted the preceding description block directly from the MiracleLinux security...
OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls
Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to securely connect medical records...
EUVD-2013-6536
Malware in sbrugna...
EUVD-2022-27434
Malicious code in bioql PyPI...
webkitgtk: data isolation bypass vulnerability
A data isolation bypass vulnerability was discovered in WebKitGTK. Processing maliciously crafted web content could enable a cross-site scripting (XSS) attack...
CVE-2022-22287
Arbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox...