Lucene search

8605 matches found

ATTACKERKB
added 2026/03/06 12:0 a.m., 4 views

CVE-2025-69646

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an...

5.8 AI score, 0.00155 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/03/06 12:0 a.m., 7 views

Acronis Cyber Protect Security Vulnerability

Acronis Cyber Protect is an enterprise-oriented network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management—including vulnerability assessment, URL filtering, patch management, etc. Versions of...

7.5 CVSS, 6.1 AI score, 0.00339 EPSS
Exploits: 0, References: 1

Packet Storm News
added 2026/03/06 12:0 a.m., 1 views

ESAA-Security: An Event-Sourced, Verifiable Architecture for Agent-Assisted Security Audits of AI-Generated Code

AI-assisted software generation has increased development speed, but it has also amplified a persistent engineering problem: systems that are functionally correct may still be structurally insecure. In practice, prompt-based security review with large language models often suffers from uneven...

5.9 AI score
Exploits: 0

Cvelist
added 2026/03/05 11:54 p.m., 30 views

CVE-2026-28718

Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

5.3 CVSS, 0.00339 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/05 11:54 p.m., 4 views

CVE-2026-28718

Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

5.3 CVSS, 5.9 AI score, 0.00339 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/03/05 11:54 p.m., 2 views

CVE-2026-28718

Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

5.3 CVSS, 5.8 AI score, 0.00339 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/05 11:54 p.m., 17 views

CVE-2026-28718

CVE-2026-28718 affects Acronis Cyber Protect 17 (Linux and Windows) prior to build 41186. The vulnerability arises from insufficient input validation in authentication logging, enabling a denial-of-service condition. Multiple connected sources (Red Hat, NVD, ENISA EUVD, CVE lists, and PT-Security...

7.5 CVSS, 5.9 AI score, 0.00339 EPSS
Exploits: 0, References: 1, Affected Software: 1

SUSE CVE
added 2026/03/05 6:52 a.m., 6 views

SUSE CVE-2026-3494

In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...

4.3 CVSS, 5.8 AI score, 0.00274 EPSS
Exploits: 1, References: 7

Positive Technologies
added 2026/03/05 12:0 a.m., 7 views

PT-2026-23592

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 17 versions prior to build 41186. Description: A denial of service condition exists due to inadequate input validation within the authentication logging process. Recommendations: Update Acronis Cyber Protect to build 41186 o...

7.5 CVSS, 6 AI score, 0.00339 EPSS
Exploits: 0, References: 5

Snyk
added 2026/03/04 10:10 p.m., 4 views

Insufficient Logging

Overview: Affected versions of this package are vulnerable to Insufficient Logging in the FileLoader class that incorrectly handles legacy SourcelessFileLoader for .pyc files. An attacker can bypass logging mechanisms (sys.audit) by crafting or manipulating .pyc files to avoid detection or auditing...

5.7 CVSS, 5.8 AI score, 0.00202 EPSS
Exploits: 0, References: 2

NVD
added 2026/03/04 4:16 p.m., 4 views

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

7.2 CVSS, 0.00286 EPSS
Exploits: 0, References: 1

EUVD
added 2026/03/04 9:31 a.m., 1 views

EUVD-2026-9367

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is...

5.1 CVSS, 6.2 AI score, 0.0021 EPSS
Exploits: 1, References: 2

NVD
added 2026/03/04 8:16 a.m., 6 views

CVE-2026-28772

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is...

6.1 CVSS, 0.0021 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2026/03/04 7:12 a.m., 2 views

CVE-2026-28772 Reflected XSS in IDC_Logging Index endpoint

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is...

5.1 CVSS, 6.2 AI score, 0.0021 EPSS
Exploits: 1, References: 1

CVE
added 2026/03/04 7:12 a.m., 14 views

CVE-2026-28772

CVE-2026-28772 describes a Reflected XSS in the IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101) affecting the /IDC_Logging/index.cgi endpoint. The vulnerability arises when the submitType parameter is reflected into the DOM without proper escaping, allowing an at...

6.1 CVSS, 6.2 AI score, 0.0021 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2026/03/04 7:12 a.m., 32 views

CVE-2026-28772 Reflected XSS in IDC_Logging Index endpoint

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is...

5.1 CVSS, 0.0021 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/03/04 6:24 a.m., 6 views

CVE-2026-3494

A flaw was found in MariaDB. An authenticated database user can exploit this vulnerability by invoking SQL statements prefixed with double-hyphen (--) or hash style comments. When the server audit plugin is enabled with specific event filtering, these statements are not logged. This oversight can le...

5.3 CVSS, 5.8 AI score, 0.00274 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2026/03/04 12:0 a.m., 4 views

PT-2026-22874

Name of the Vulnerable Software and Affected Versions: International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. Description: A Reflected Cross-Site Scripting (XSS) issue exists in the /IDC_Logging/index.cgi API endpoint. The issue occurs...

5.1 CVSS, 6.2 AI score, 0.0021 EPSS
Exploits: 1, References: 7

OSV
added 2026/03/03 8:16 p.m., 6 views

AZL-79365 CVE-2026-3494 affecting package mariadb 10.6.24-1

In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...

5.3 CVSS, 5.8 AI score, 0.00274 EPSS
Exploits: 1, References: 1

OSV
added 2026/03/03 8:16 p.m., 4 views

AZL-79550 CVE-2026-3494 affecting package mariadb 10.11.15-1

In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...

5.3 CVSS, 5.8 AI score, 0.00274 EPSS
Exploits: 1, References: 1