MINI-PRJX-J426-M982

Bulletin has no description...

CVE-2026-22614

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

CVE-2026-22614

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

CVE-2026-22614

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

CVE-2026-22614

The CVE covers an insecure encryption mechanism in Eaton’s EasySoft project files. The vulnerability arises from weak/enabled brute-force‑susceptible encryption within the project file, which could allow an attacker with access to the local host and the file to read sensitive information and tamp...

Jovac-XSS-Project

J...

PT-2026-24611

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model pom which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository...

Eaton Easysoft 安全漏洞

Eaton Easysoft is a programming application used in the industrial field by Eaton, Inc. This software is used for programming Easy controllers and displays. It allows for the editing and visualization of circuit diagrams according to specified formats. Eaton Easysoft has security vulnerabilities;...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. There is a security vulnerability in GitHub Enterprise Server, which stems from...

This Week in Spring - March 10th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring. As I write this, I am preparing for a trip to Rust, Germany, for one of the best Java conferences in Europe: JavaLand, along with its new companion event, DevLand. It should be fun. Will you be around? If so, say hi. We have ...

PT-2026-24202

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

PT-2026-24363

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.14.24 through 3.19.3 Description An improper authorization issue was found in GitHub Enterprise Server. A user with read access to a repository and write access to a project could modify issue and pull reque...

PT-2026-24261

CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...

PT-2026-24258

Name of the Vulnerable Software and Affected Versions Versions prior to 2026-1286 Description A flaw exists due to the deserialization of untrusted data. This issue could result in a loss of confidentiality and integrity, and potentially allow for remote code execution on a workstation. The issue...

zot 安全漏洞

Zot is an open-source OCI image registry developed by The Zot Project. Versions 1.3.0 to 2.1.14 of Zot contain security vulnerabilities. These vulnerabilities stem from the improper operation inference of the dist-spec authorization middleware when handling PUT /v2/name/manifests/reference...

CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

CVE-2026-30920

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

CVE-2026-30920 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the...

CVE-2026-30920

OneUptime prior to version 10.0.19 has broken access control in the GitHub App installation flow. The GitHub App callback trusts attacker-controlled state and installation_id values, and writes the provided installation_id into Project.gitHubAppInstallationId with root privileges without validati...

GHSA-656W-6F6C-M9R6 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

Summary OneUptime's GitHub App callback trusts attacker-controlled state and installationid values and updates Project.gitHubAppInstallationId with isRoot: true without validating that the caller is authorized for the target project. This allows an attacker to overwrite another project's GitHub A...