2460 matches found
Hoppscotch Security Vulnerability
Hoppscotch is an open-source API development ecosystem developed by Hoppscotch itself. Versions of Hoppscotch prior to 2026.2.0 contained security vulnerabilities. These vulnerabilities allowed logged-in users to read, modify, or delete other users’ personal environments, potentially leading to t...
PT-2026-22211
Name of the Vulnerable Software and Affected Versions: hoppscotch versions prior to 2026.2.0. Description: hoppscotch is an API development ecosystem. Prior to version 2026.2.0, any logged-in user could read, modify, or delete another user's personal environment by ID. The issue arises from missing...
VMware Aria Operations Security Vulnerability
VMware Aria Operations is a unified, AI-driven automated IT operations management platform provided by the American company VMware. It is suitable for private cloud, hybrid cloud, and multi-cloud environments. There is a security vulnerability in VMware Aria Operations, which stems from permissio...
Integrating Advanced API Security with Imperva Gateway Environment
As APIs power the majority of modern web applications, implementing robust API security is no longer optional - it’s a critical necessity for data protection. This guide explores how to seamlessly integrate API gateway security into your Imperva on-premises environment to mitigate OWASP Top 10...
Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments
Summary: IBM Java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details: CVEID: CVE-2026-21945. DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows a remote attacker to cause a...
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated,...
[SECURITY] Fedora 42 Update: rust-ambient-id-0.0.10-1.fc42
Detects ambient OIDC credentials in a variety of environments...
Red-Teaming Claude Opus and ChatGPT-Based Security Advisors for Trusted Execution Environments
Trusted Execution Environments (TEEs), e.g., Intel SGX and Arm TrustZone, aim to protect sensitive computation from a compromised operating system, yet real deployments remain vulnerable to microarchitectural leakage, side-channel attacks, and fault injection. In parallel, security teams increasingly...
CVE-2026-27004
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in...
CVE-2026-26201
emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process cra...
CVE-2025-33243
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2026-26201 emp3r0r Affected by Concurrent Map Access DoS (panic/crash)
emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process cra...
GHSA-JMR7-XGP7-CMFJ vulnerabilities
Vulnerabilities for packages: jitsucom-jitsu, kubeflow-pipelines, renovate, prism, tileserver-gl, saf...
CVE-2025-33243
Summary (CVE-2025-33243) NVIDIA NeMo Framework is affected; a vulnerability could allow remote code execution in distributed environments. The issue impacts NVIDIA NeMo Framework across all platforms and versions prior to 2.6.1. The security bulletin lists the update to version 2.6.1 or later as ...
PT-2026-20403
Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework, affected versions not specified. Description: The NVIDIA NeMo Framework has a flaw that could allow a remote attacker to execute code in distributed environments. Exploitation of this issue may result in code execution,...
CVE-2026-2625
No description is available for this CVE. Mitigation: Avoid processing untrusted or attacker-controlled RPM files with rpm -Kv or rpm --checksig. Use isolated environments or additional validation layers when handling untrusted RPM artifacts...
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019,...
CVE-2026-25999
Klaw (self-service Apache Kafka Topic Management/Governance tool) contains an improper access control vulnerability prior to v2.10.2 that allows an unauthorized user to trigger a reset or deletion of metadata for any tenant by calling the /resetMemoryCache endpoint. The CVE notes the impact as hi...