CVE-2026-53469

Migration-planner is affected. An authenticated user can issue a DELETE to /api/v1/sources that is not properly authorized/filtered, permitting destruction of all tenant data (sources, agents, assessments) and causing critical loss of availability and integrity across the SaaS platform. Affected ...

CVE-2026-53469

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

CVE-2026-45445

A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface EVPCipher will have their provided Initialization Vector IV silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the...

CVE-2026-34182

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement

A flaw was found in Netty. Netty's DNS Domain Name System codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the...

Veeam Backup & Replication’s vulnerability handling capabilities

Veeam has identified a vulnerability in Backup & Replication. This vulnerability allows an authenticated domain user to execute remote code on the Backup Server. As a result, an attacker with domain credentials can exploit this vulnerability to gain control over backup operations. This is a...

CVE-2026-41985

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

CVE-2026-41984

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

CVE-2026-41975

Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

CVE-2026-41979

Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality...

CVE-2026-44751

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

CVE-2026-44755

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

ROS-20260610-73-0017

The vulnerability of the XPCOM component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to a numerical overflow vulnerability. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected informatio...

ROS-20260610-73-0018

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

ROS-20260610-73-0025

The vulnerability in Thunderbird is related to a behavior that varies depending on the type of implementation. Exploiting this vulnerability allows an attacker who operates remotely to compromise the confidentiality, integrity, and accessibility of the protected information...

ROS-20260610-73-0020

The vulnerability of the Layout component: Texts and fonts in Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility o...

AMD EPYC Processor 输入验证错误漏洞

The AMD EPYC Processor is a series of multi-core processors developed by Advanced Microelectronics Devices, Inc. AMD. The AMD EPYC Processor has a vulnerability in input validation, which stems from improper input validation of DIMM serial presence detection metadata. This vulnerability could all...

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value when processing cipher and tag-length fields of CMS AuthEnvelopedData containers. An attacker can bypass message integrity via replay attack. A non AEAD cipher is permitted in...

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in PBMAC1PBKDF2HMAC. A user can craft an unencrypted PKCS12 file that uses PBMAC1 authentication specifying a one-byte HMAC key, causing a service that authenticates incoming files by passwor...

EUVD-2026-35478

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...