MantisBT has an authorization bypass in private issue monitoring

Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a private issue they do not have access to. Despite displaying an Access Denied error, the application accepts the request and creates a monitor relationship for the private...

GHSA-GGW7-9675-6V4V MantisBT has an authorization bypass in private issue monitoring

Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a private issue they do not have access to. Despite displaying an Access Denied error, the application accepts the request and creates a monitor relationship for the private...

CVE-2026-33361

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

Meari IoT SDK 加密问题漏洞

Meari IoT SDK is a software development kit provided by Meari Corporation, aimed at developing applications for smart devices. There are encryption-related vulnerabilities in the Meari IoT SDK. These vulnerabilities stem from the use of a predictable key derivation method to perform reversible XO...

PT-2026-39876

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description An authorization bypass exists in the private issue monitoring feature. A user with project-level access can send a crafted POST request to the 'bug monitor add.php' endpoint to...

MonitoringBench: Semi-Automated Red-Teaming for Agent Monitoring

We introduce a red-teaming methodology that exposes harder-to-catch attacks for coding-agent monitors, suggesting that current practices may under-elicit attacks and overstate monitor performance. We identify three challenges with current red-teaming. First, mode collapse in attack generation,...

CVE-2026-43388

A flaw was found in the Linux kernel's DAMON Data Access MONitor subsystem. The damoswalk function in mm/damon/core fails to clear a dangling pointer when a context is inactive and an error occurs. This issue can lead to a temporary denial of service DoS for subsequent calls to damoswalk,...

EUVD-2026-28657

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgicallocateprivateirqslocked fails for any odd reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialised. kvmvgicdistdestroy then comes along and walk...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

pagecache-guard 中文文档 A runtime integr...

PT-2026-39041

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The q54sj108a2 debugfs read function contains a stack buffer overflow. This occurs because incorrect arguments are passed to the bin2hex function, where the destination and source buffer...

CVE-2026-41105

CVE-2026-41105 affects the Azure Monitor Action Group Notification System. The issue is described as a server-side request forgery (SSRF) that allows an authorized attacker to elevate privileges over a network. Documented impact is an Elevation of Privilege (EoP) with high risk (CVSS 3.1: 8.1). C...

CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability

...

CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability

...

EUVD-2025-209728

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

CVE-2025-4386 Medtronic MyCareLink Patient Monitor Hardware Debug Port

Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​...

Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin

...

io.mosip.kernel:kernel-config-server (>=1.2.1-rc1 <=1.3.1-rc.1), org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=7.0.0 <=7.1.6.2) +5 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.1.0, =1.2.1-rc1, =7.0.0, =7.0.0, =4.1.0, =3.1.0, =3.1.6 Source cves: CVE-2026-41004 Source advisory: OSV:GHSA-J6HH-H3CF-C2HF...

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +6 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.2.0 <=4.2.4)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.2.0, =0.0.1, =1.0.0, =3.0.9, =0.1.41-Beta, =7.2.0, =7.2.0, =4.2.0, =3.2.0, =3.2.3 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...

Medtronic MyCareLink Patient Monitor 安全漏洞

Medtronic MyCareLink Patient Monitor is an open-source monitoring system developed by Medtronic in the United States. The Medtronic MyCareLink Patient Monitor has a security vulnerability, which stems from its internal serial interface. This vulnerability could allow attackers with physical acces...