CVE-2026-34284

Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Human workflow 11g+. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2026-40599

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple...

CVE-2026-40604

CVE-2026-40604 affects ClearanceKit on macOS, where the opfilter system extension (bundle uk.craigbass.clearancekit.opfilter) can be suspended or signalled by any root process (SIGSTOP/SIGTERM/SIGKILL). While suspended, AUTH Endpoint Security events timeout and default to allow, silently bypassin...

CVE-2026-40599 ClearanceKit: Ad-hoc signed binaries can spoof Apple process identities in the global allowlist

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple...

EUVD-2026-24209

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple...

CVE-2026-40599

CVE-2026-40599 affects ClearanceKit on macOS. Before 5.0.5, a process with an empty Team ID but non-empty Signing ID can be misidentified as an Apple platform binary, enabling a malicious app to impersonate an Apple process in the global allowlist and access protected files. The issue is fixed in...

CVE-2026-40498 FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

Bad Apples: Weaponizing native macOS primitives for movement and execution

As macOS adoption grows among developers and DevOps, it has become a high value target; however, native "living-off-the-land" LOTL techniques for the platform remain significantly under-documented compared to Windows. Adversaries can bypass security controls by repurposing native features like...

PT-2026-34120

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006999)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006999 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix vgpu debugfs clean in remove Check carefully on root debugfs available when...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010704)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010704 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweightentity Syzbot found a GPF in reweightentity. This has been...

PT-2026-34037

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006933)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006933 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds...

PT-2026-34108

Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Human workflow 11g+. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011273)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011273 advisory. In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage threadstruct's s12 may contain random kernel memory...

ClearanceKit 安全漏洞

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.6 contained security vulnerabilities. These vulnerabilities stemmed from the opfilter Endpoint Security system extension, which could be suspended or terminated by the root...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011393)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011393 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of nilfsroot in nilfsevictinode During unmount process of nilfs2,...

Oracle Agile Product Lifecycle Management for Process 安全漏洞

Oracle Agile Product Lifecycle Management for Process is a product lifecycle management system designed for the process industry by Oracle Corporation. Version 6.2.4 of Oracle Agile Product Lifecycle Management for Process contains a security vulnerability. This vulnerability stems from issues wi...

AgentScope vulnerable to Server-Side Request Forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

CVE-2026-6606 modelscope agentscope _agent_base.py _process_audio_block server-side request forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...