9516 matches found
USN-8070-1 linux, linux-aws, linux-kvm vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - File syste...
USN-8070-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - File syste...
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing...
NocoDB 安全漏洞
NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 contained a security vulnerability. This vulnerability stemmed from the lack of verification of token...
devops-security-pipeline-poc
DevOps Security Pipeline POC A security-integrated CI/CD pipe...
CVE-2026-24731
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-28416
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...
CVE-2026-28416
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...
CVE-2025-9907 Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...
CVE-2025-9907
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...
CVE-2025-9907 Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...
CVE-2025-9907
CVE-2025-9907 affects Red Hat Ansible Automation Platform (Event-Driven Ansible, EDA) Event Stream API. In test mode, the test_headers exposure allows leakage of internal headers and sensitive client credentials, with potential impact including credential exposure, internal infrastructure detail ...
CVE-2026-27028
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
EUVD-2026-8966
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27028 Mobility46 mobility46.se Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27772
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
EV2GO 访问控制错误漏洞
EV2GO is a electric vehicle charging facility management platform developed by the Russian company EV2GO. EV2GO has a access control vulnerability, which stems from the lack of proper authentication mechanisms in WebSocket endpoints. This vulnerability could allow unauthorized attackers to perfor...
Chargemap 访问控制错误漏洞
Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a access control vulnerability, which stems from the lack of an appropriate authentication mechanism. This vulnerability may allow unauthorized sites to simulate operations, escalate...
EV Energy 访问控制错误漏洞
EV Energy is a electric vehicle charging software platform operated by the British company EV Energy. EV Energy has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which can lead to unauthorized...
Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking
Jailbreak techniques for large language models LLMs evolve faster than benchmarks, making robustness estimates stale and difficult to compare across papers due to drift in datasets, harnesses, and judging protocols. We introduce JAILBREAK FOUNDRY JBF, a system that addresses this gap via a...