PT-2026-44464

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy dict.updatejson input.copy, overwriting trusted target data that was previously set fro...

Oracle Payroll 安全漏洞

Oracle Payroll is a corporate payroll calculation and distribution management system developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Payroll contain security vulnerabilities. These vulnerabilities stem from issues with the Internal Operations component,...

CVE-2026-42999

OpenStack Keystone prior to 29.0.2 contains CVE-2026-42999, where the RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary (policy_dict.update(json_input.copy())). Since flask.request.get_json is called with force=True, this ...

Oracle Payroll 安全漏洞

Oracle Payroll is a corporate payroll calculation and distribution management system developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Payroll contain security vulnerabilities. These vulnerabilities stem from issues with the Internal Operations component,...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...

CVE-2026-46080

A flaw was found in the Linux kernel's Oracle Cluster File System 2 ocfs2 component. During direct I/O DIO write operations, specifically in the ocfs2dioendiowrite function, an issue with transaction splitting can lead to credit exhaustion in the Journaling Block Device 2 JBD2 subsystem. This can...

CVE-2026-46095

A flaw was found in the Linux kernel's RAID Redundant Array of Independent Disks driver component. A race condition can occur when the system attempts to write or discard data, as a necessary synchronization barrier is not properly established before critical state changes. This oversight could...

Evidence at the Moment of Attack. Answers at AI Speed.

Wiz Sensor Forensics is now generally available - automatically capturing forensic artifacts at the moment of detection and using AI to accelerate investigation for SOC and IR teams...

CVE-2026-44327 free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handl...

CVE-2026-44327

CVE-2026-44327 affects free5GC NEF (nnef-oam route group). Prior to v4.2.2, the OAM route group was mounted without inbound OAuth2/bearer-token authorization, allowing unauthenticated requests to hit OAM endpoints via the SBI. The OAM handler is a stub returning null, but the defect is route-grou...

CVE-2026-44329 free5GC: SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and...

CVE-2026-7365

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

EUVD-2026-32505

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

CVE-2026-7365 IBM Operations Analytics - Log Analysis is affected by Information disclosure due to default passwords not being forced to be changed on post-installation

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

CVE-2026-7365

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

CVE-2026-7365 IBM Operations Analytics - Log Analysis is affected by Information disclosure due to default passwords not being forced to be changed on post-installation

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

CVE-2026-7365

CVE-2026-7365 affects IBM Operations Analytics - Log Analysis (and IBM SmartCloud Analytics - Log Analysis) where default passwords from manufacturing are used during installation, enabling potential authentication bypass. The IBM advisory lists affected versions of IBM Operations Analytics - Log...

CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

CVE-2024-40684

CVE-2024-40684 affects IBM Operations Analytics – Log Analysis (versions 1.3.5.0–1.3.8.4). The root cause is weaknesses in backend authentication and session management that allow weak password policy enforcement by default, facilitating potential account compromise. Impact is described as a lack...

CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...