CVE-2026-40566

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...

Mapping Your API Ecosystem: Wiz Expands API Discovery with Apigee

See your full Apigee architecture on the Wiz Security Graph, from API gateways and environments to every endpoint and its authorization scheme...

Home Assistant 代码注入漏洞

Home Assistant is an open-source family automation management system developed by Home Assistant. This system is primarily used to control household automation devices. Versions of Home Assistant prior to 1.0.0 had a code injection vulnerability. This vulnerability stemmed from the use of unlimit...

Do Agents Dream of Root Shells? Partial-Credit Evaluation of LLM Agents in Capture the Flag Challenges

Large Language Model LLM agents are increasingly proposed for autonomous cybersecurity tasks, but their capabilities in realistic offensive settings remain poorly understood. We present DeepRed, an open-source benchmark for evaluating LLM-based agents on realistic Capture The Flag CTF challenges ...

API Security Based on Automatic OpenAPI Mapping

This paper presents Map Reduce Graph MRG, a novel unsupervised method for modeling and securing HTTP REST APIs. MRG learns API structure from real-world traffic without prior knowledge or labels, automatically generating OpenAPI-compliant documentation by reconstructing routes, methods, and...

CVE-2026-29648

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG fails to restrict access to henvcfg and senvcfg. This allows less-privileged code to read or write these CSRs without the required exception, potentially bypassing state-enable based isolation in virtualized or multi-priv...

Zeek 8.0.7

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...

Terminal Wrench: A Dataset of 331 Reward-Hackable Environments and 3,632 Exploit Trajectories

The authors of this paper release Terminal Wrench, a subset of 331 terminal-agent benchmark environments, copied from the popular open benchmarks that are demonstrably reward-hackable. The data set includes 3,632 hack trajectories and 2,352 legitimate baseline trajectories across three frontier...

Luanti 安全漏洞

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti prior to 5.5.2 contained security vulnerabilities. These vulnerabilities were caused by improper security environment configuration, which could allow custom modules to...

Towards Automated Pentesting with Large Language Models

Large Language Models LLMs are redefining offensive cybersecurity by allowing the generation of harmful machine code with minimal human intervention. While attackers take advantage of dark LLMs such as XXXGPT and WolfGPT to produce malicious code, ethical hackers can follow similar approaches to...

GHSA-67JX-R9PV-98RJ vulnerabilities

Vulnerabilities for packages: traefik-fips...

GHSA-56P5-8MHR-2FPH vulnerabilities

Vulnerabilities for packages: kibana...

CVE-2026-1752

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

CVE-2026-1752

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

UBUNTU-CVE-2026-1752

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

CVE-2026-1752 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

CVE-2026-1752

Removed by vendor...

CVE-2026-1752 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

CVE-2026-1752

GitLab EE: An authenticated user with developer-role permissions could modify protected environment settings due to improper authorization checks in the API. Affected versions: 11.3–18.8.8 (before 18.8.9), 18.9 (before 18.9.5), and 18.10 (before 18.10.3). CVSS v3.1 base score 4.3 (Medium). Remedi...

PT-2026-31541

Name of the Vulnerable Software and Affected Versions GitLab EE versions 11.3 through 18.8.9, 18.9 through 18.9.5, and 18.10 through 18.10.3 Description GitLab EE was found to have improper authorization checks in the API. This allowed an authenticated user with developer-role permissions to modi...