9513 matches found
CVE-2026-44478
CVE-2026-44478 concerns Hoppscotch, an open source API development ecosystem. The vulnerability chain involves an unauthenticated POST to /v1/onboarding/config that, prior to 2026.2.0, allowed overwriting the infrastructure configuration without verifying onboarding completion, potentially compro...
Malicious Package
Overview github.com/BufferZoneCorp/go-envconfig is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluste...
Why Canadian Telecom Providers Are Prime Targets for Cyberattacks
Canadian telecom providers face mounting cyber threats from ransomware, SIM swapping, data breaches, and nation-state attacks targeting critical infrastructure...
Hoppscotch 访问控制错误漏洞
Hoppscotch is an open-source API development ecosystem created by Hoppscotch. Versions of Hoppscotch from 2026.2.0 to 2026.4.0 contained a access control vulnerability. This vulnerability stemmed from the GET /v1/onboarding/config endpoint, which still exposed all infrastructure secrets in plain...
PT-2026-40829
Name of the Vulnerable Software and Affected Versions hoppscotch versions prior to 2026.4.0 Description An information disclosure issue exists where the 'GET /v1/onboarding/config' endpoint leaks infrastructure secrets in plaintext to unauthenticated users. This occurs specifically when the...
CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...
[SECURITY] Fedora 43 Update: nss-3.122.2-1.fc43
Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...
SAP HANA Deployment Infrastructure deploy library SQL注入漏洞
SAP HANA Deployment Infrastructure deploy library is a deployment support library developed by SAP, a German company, for the deployment and lifecycle management of SAP HANA applications. The SAP HANA Deployment Infrastructure deploy library contains a SQL injection vulnerability. This...
Cisco Prime Infrastructure Information Disclosure (cisco-sa-pi-unauth-infodiscl-LFnLgmey)
The version of Cisco Prime Infrastructure installed on the remote host is prior to Migrate to a fixed release.. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-pi-unauth-infodiscl-LFnLgmey advisory. - A vulnerability in the log file download functionality of Cisco Prim...
CVE-2026-34314
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Platform. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker wit...
Governing AI-Assisted Security Operations: A Design Science Framework for Operational Decision Support
Engineering managers increasingly must decide how to introduce generative artificial intelligence AI, retrieval-augmented generation, and coding agents into high-risk operational functions without weakening accountability, privacy, cost discipline, or auditability. The central message of this stu...
CVE-2026-25077
Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...
EUVD-2026-27861
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
CVE-2026-20189
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...
CVE-2026-20189 Cisco Prime Infrastructure Information Disclosure Vulnerability
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...
CVE-2026-20189 Cisco Prime Infrastructure Information Disclosure Vulnerability
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...
CVE-2026-20189
Cisco Prime Infrastructure contains an information disclosure vulnerability in the log file download functionality. The issue arises from insufficient authorization checks on the download service API. An attacker with valid credentials to the web interface can craft a URL request to download arbi...
CVE-2026-20189
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...
Before the Breach, There Was a Test Environment
Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...