CVE-2026-48133 Identity Awareness Captive Portal - Unauthenticated Local File Inclusion

Symptoms - When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway. - This issue affects: R82.10 with Jumbo Hotfix Take 6 or below R82 with Jumbo Hotfix Take 91 or below R81.20 with...

CVE-2026-48134 - SQL injection issue in UserCheck Portal when DLP is active

Symptoms - When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This coul...

CVE-2026-2031

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to...

CVE-2026-35569

CVE-2026-35569 affects ApostropheCMS <= 4.28.0. A stored XSS in SEO fields (SEO Title and Meta Description) allows injecting JavaScript via improper output encoding into HTML contexts such as , attributes, and JSON-LD. This can enable an authenticated user to execute arbitrary JS in the admin...

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access (cisco-sa-nd-cbid-5YqkOSHu)

According to its self-reported version, Cisco Nexus Dashboard is affected by a vulnerability. - A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive...

CVE-2026-20042

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...

CVE-2026-22237

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...

From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security

Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests an...

CVE-2025-47319

CVE-2025-47319 describes information disclosure in Qualcomm embedded platform firmware caused by exposing internal TA-to-TA (Trusted Application to Trusted Application) communication APIs to HLOS (Host Linux Operating System). The CVE indicates a LOCAL attack vector with HIGH privileges required ...

CVE-2025-9804

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...

EUVD-2018-1086

Malware in sbrugna...

EUVD-2025-25606

Malicious code in bioql PyPI...

mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran

The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence...

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the presence of an unauthorized method of accessing certain APIs of the multifunction device's internal programs, so that a third...

PT-2022-18607 · Unknown · Sns Firewall

Name of the Vulnerable Software and Affected Versions: SNS firewall versions 3.7.0 through 3.7.29 SNS firewall versions 3.11.0 through 3.11.17 SNS firewall versions 4.2.0 through 4.2.10 SNS firewall versions 4.3.0 through 4.3.6 Description: Flooding the SNS firewall with specific forged traffic c...

CVE-2022-24071

A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs...

Input validation

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...

CVE-2020-3546 Cisco Email Security Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...

CVE-2020-3546 Cisco Email Security Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...

Cisco Email Security Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...