59 matches found

Positive Technologies · added 2026/05/14 12:0 a.m. · 5 views

PT-2026-40970

Summary: Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...

CVSS 8.7 · AI score 5.9 · EPSS 0.00088
Exploits 0 · References 4
Snyk · added 2026/05/08 5:0 p.m. · 5 views

Server-side Request Forgery (SSRF)

Overview: n8n-mcp is an integration between n8n workflow automation and Model Context Protocol (MCP). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via improper validation of caller-supplied identifiers and redirect handling in the API integration process. An...

CVSS 8.7 · AI score 5.8
Exploits 0 · References 3
EUVD · added 2026/04/13 6:30 a.m. · 1 view

EUVD-2026-21816

Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...

CVSS 5.2 · AI score 5.8 · EPSS 0.0005
Exploits 0 · References 2
OSV · added 2026/03/26 2:16 p.m. · 4 views

DEBIAN-CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

CVSS 6.5 · AI score 5.4 · EPSS 0.00021
Exploits 0 · References 1
RedhatCVE · added 2026/01/13 10:52 p.m. · 2 views

CVE-2026-20974

Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock...

CVSS 5.2 · AI score 6.5 · EPSS 0.00018
Exploits 0 · References 1
Vulnrichment · added 2026/01/09 6:16 a.m. · 1 view

CVE-2026-20974

Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock...

CVSS 5.2 · AI score 6 · EPSS 0.00018
Exploits 0 · References 1
CVE · added 2026/01/09 6:16 a.m. · 8 views

CVE-2026-20974

CVE-2026-20974: Samsung/Android SMR Jan-2026 Release 1 patches this issue. It is described as improper input validation in data related to network restrictions, enabling physical attackers to bypass Carrier Relock prior to the SMR release. Connected sources (SVE entries) show affected Android 13–...

CVSS 5.2 · AI score 6 · EPSS 0.00018
Exploits 0 · References 1 · Affected Software 1
CNNVD · added 2026/01/09 12:0 a.m. · 2 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, and more, from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Jan-2026 Release 1, which stems from improper validation of data...

CVSS 5.2 · AI score 6.4 · EPSS 0.00018
Exploits 0 · References 1
Positive Technologies · added 2025/12/22 12:0 a.m. · 1 view

PT-2025-52721

Name of the Vulnerable Software and Affected Versions: Xiongmai XM530 IP cameras version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 Description: The GetStreamUri function exposes RTSP URIs that include hardcoded credentials, allowing unauthorized access to direct video streams. The affected devi...

CVSS 7.5 · AI score 6.6 · EPSS 0.00072
Exploits 3 · References 9
Cvelist · added 2025/12/17 11:10 p.m. · 16 views

CVE-2025-68435 Zerobyte has Authentication Bypass by Primary Weakness

Zerobyte is a backup automation tool. Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This...

CVSS 9.1 · EPSS 0.00088
Exploits 0 · References 3
Vulnrichment · added 2025/12/17 11:10 p.m. · 2 views

CVE-2025-68435 Zerobyte has Authentication Bypass by Primary Weakness

Zerobyte is a backup automation tool. Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This...

CVSS 9.1 · AI score 6.7 · EPSS 0.00088
Exploits 0 · References 3
EUVD · added 2025/12/17 11:10 p.m. · 2 views

EUVD-2025-204006

Zerobyte is a backup automation tool. Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This...

CVSS 9.1 · AI score 6.5 · EPSS 0.00088
Exploits 0 · References 3
RedhatCVE · added 2025/12/17 8:7 a.m. · 2 views

CVE-2025-37731

A flaw was found in Elasticsearch. This vulnerability allows user impersonation via specially crafted client certificates signed by a legitimate, trusted Certificate Authority (CA). Mitigation: To reduce the risk of exploitation, ensure that the Certificate Authority (CA) used for the Elasticsearch PK...

CVSS 7.4 · AI score 6.4 · EPSS 0.00038
Exploits 0 · References 4
Positive Technologies · added 2025/12/17 12:0 a.m. · 1 view

PT-2025-51980

Name of the Vulnerable Software and Affected Versions: Zerobyte versions prior to 0.18.5; Zerobyte versions prior to 0.19.0 Description: Zerobyte, a backup automation tool, has an issue where authentication middleware is not correctly applied to certain API endpoints. This allows access to these...

CVSS 9.1 · AI score 6.9 · EPSS 0.00088
Exploits 0 · References 11
Positive Technologies · added 2025/12/04 12:0 a.m. · 3 views

PT-2025-49149

Name of the Vulnerable Software and Affected Versions: Anthropic Sandbox Runtime versions prior to 0.0.16 Description: Anthropic Sandbox Runtime is a sandboxing tool designed to enforce filesystem and network restrictions on processes. Prior to version 0.0.16, a flaw in the sandboxing logic allowed...

CVSS 1.8 · AI score 6.9 · EPSS 0.00043
Exploits 0 · References 5
NVD · added 2025/06/06 8:15 a.m. · 8 views

CVE-2025-3321

A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server...

CVSS 9.4 · EPSS 0.001
Exploits 0 · References 1
Vulnrichment · added 2025/04/23 9:59 a.m. · 4 views

CVE-2024-10306 Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests

A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

CVSS 5.4 · AI score 6.9 · EPSS 0.00126
Exploits 0 · References 7
Vulnrichment · added 2025/03/20 4:52 p.m. · 7 views

CVE-2024-7598 Network restriction bypass via race condition during namespace termination

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...

CVSS 3.1 · AI score 4 · EPSS 0.00007
Exploits 0 · References 2
Cvelist · added 2025/03/20 4:52 p.m. · 13 views

CVE-2024-7598 Network restriction bypass via race condition during namespace termination

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...

CVSS 3.1 · EPSS 0.00007
Exploits 0 · References 2
Positive Technologies · added 2024/12/25 12:0 a.m. · 3 views

PT-2024-10246 · Oracle +2 · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.36 and prior MySQL Server version 8.4.0 Description: The issue is related to the Server: Optimizer component of Oracle MySQL Server and is caused by inadequate authorization procedure due to incorrect input validatio...

CVSS 7.5 · AI score 5 · EPSS 0.00461
Exploits 0 · References 67