Astra Linux – Vulnerability in node-tar

The npm package “tar” also known as node-tar in versions prior to 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has a vulnerability related to arbitrary file creation/overwriting, due to insufficient symlink protection. node-tar aims to ensure that any file whose location would be modified by a symbolic link i...

PT-2026-48016

Name of the Vulnerable Software and Affected Versions Windows BitLocker affected versions not specified Description A protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature through a physical attack, which can subsequently affect the system...

Exploit for Protection Mechanism Failure in Artifex Ghostscript

Real Case Exploitation of Buffer Overflow & Format String Vuln...

CVE-2024-47271

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

CVE-2026-9274

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

ROS-20260512-73-0025

A vulnerability in the kernel of the Oracle VM VirtualBox virtualization software tool is related to a flaw in the data protection mechanism. Exploitation of the vulnerability may allow an attacker to bypass existing security mechanisms...

ROS-20260420-73-0025

Vulnerability in python-aiohttp related to lack of service data protection. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

GHSA-VVFW-4M39-FJQF WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials

Summary objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not verify a globalToken, and does not validate the Origin/Referer...

PT-2026-32286

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Cortex XDR agent on Windows affected versions not specified Description A flaw in the protection mechanism of the agent allows a local Windows administrator to disable the software. This bypass of system configuration or...

runZero Platform 安全漏洞

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.260204.2 contained security vulnerabilities. These vulnerabilities were due to insufficient credential protection, which could allow...

PT-2026-30972

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

CVE-2026-0230

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...

PYSEC-2026-162

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

EUVD-2026-11249

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...

CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...

CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...

Protection Mechanism Failure

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Protection Mechanism Failure via the /acp spawn command handler. An attacker can escalate privileges by initializing host-side ACP sessions from a sandboxed context when ACP is enabled an...

EUVD-2026-3662

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An attacker could exploit th...

CVE-2026-20080

CVE-2026-20080 affects Cisco IEC6400 Wireless Backhaul Edge Compute Software. The SSH service can be flooded by unauthenticated remote attackers, causing the SSH server to become unresponsive while other operations stay stable. Reported by Cisco and mirrored in multiple feeds, the issue arises fr...

Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An attacker could exploit th...