6823 matches found
CVE-2026-44691
CVE-2026-44691 affects Eclipse Theia versions before 1.69.0. The issue arises when custom task definitions in workspace files (e.g., .theia/tasks.json, .vscode/tasks.json) can be executed without workspace trust, potentially enabling arbitrary commands to run with the user’s privileges if a malic...
EUVD-2026-37900
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...
CVE-2026-44688
The vulnerability CVE-2026-44688 affects Eclipse Theia versions prior to 1.71.0. The AI chat agent processes workspace file and directory names as part of its prompt context without distinguishing them from system instructions, enabling indirect prompt injection when an attacker uses adversarial ...
A Bootiful Podcast: DaShaun Carter on patching, Spring Boot 4.1, and security in the world of AI
Hi Spring fans! In this installment I have the privilege to sit down with my friend DaShaun Carter to talk about patching, Spring Boot 4.1, and security in the world of AI...
PT-2026-50690
Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.69.0 Description Custom task definitions in workspace files, such as .theia/tasks.json and .vscode/tasks.json, can be executed without requiring workspace trust. This allows an attacker to create a malicious...
CVE-2026-52705
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...
CVE-2026-46970
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligenc...
CVE-2026-46971
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR...
CVE-2026-46922
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligenc...
ESET MDR vs Sophos MDR: Compared Time to discover and respond to a threat
A detailed ESET MDR vs Sophos MDR comparison covering tiers, response speed, coverage, threat intelligence, pricing, and breach warranties to help you choose...
This Week in Spring - June 16th, 2026
Hi Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the oh-so-delightful and delicious! city of New Delhi, India. It's been a real privilege to come and visit so many amazing people. Last night my friend DaShaun and I presented here at the local Delhi JUG,...
PT-2026-50069
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR...
PT-2026-50028
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle HR Intelligence versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle HR Intelligence product. A high privileged attacker with network access via HTTP can...
PT-2026-50068
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligenc...
EUVD-2026-36878
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...
CVE-2026-42664
CVE-2026-42664 affects the WordPress plugin AI Product Search for WooCommerce – Motive Commerce Search, version
CVE-2026-27407 WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability
Editor Privilege Escalation in AI Engine = 3.4.9 versions...
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the...
Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk
Security leaders rarely struggle to gather data, but they often struggle to turn that data into something clear and meaningful for the business. In a typical week, a CISO might receive a report listing hundreds or even thousands of vulnerabilities, most of them accompanied by CVSS scores that mak...
PT-2026-49361
Editor Privilege Escalation in AI Engine = 3.4.9 versions...