CVE-2026-28895

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode...

CVE-2026-28859

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox...

CVE-2026-28895

The CVE-2026-28895 entry is confirmed by connected documents: iOS 26.4 and iPadOS 26.4 fix the issue. Attacker with physical access on a device with Stolen Device Protection enabled could access biometrics-gated Protected Apps using the passcode. Root cause is described as improved checks, with r...

CVE-2026-28895

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode...

CVE-2026-28895

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode...

CVE-2026-28895

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode...

PT-2026-28070

Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. There were security vulnerabilities in versions of Apple iOS prior to 26.4 and Apple iPadOS prior to 26.4...

ClawKeeper: Comprehensive Safety Protection for OpenClaw Agents through Skills, Plugins, and Watchers

Whitepaper called ClawKeeper: Comprehensive Safety Protection For OpenClaw Agents Through Skills, Plugins, And Watchers...

IBM InfoSphere Information Server 安全漏洞

IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for integrating, cleansing and transforming data from disparate sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from insufficient credential protection and...

Linux Distros Unpatched Vulnerability : CVE-2026-23346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which pass...

GHSA-2299-GHJR-6VJP Parse Server: MFA recovery code single-use bypass via concurrent requests

Impact An attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending concurrent login requests. This defeats the single-use design of recovery codes. The attack requires the user's password, a valid recovery code, and...

Understanding Wiz’s Approach to Securing the AI Supply Chain

As organizations race to deploy AI, securing the rapidly expanding ecosystem of models, data, and dependencies has become a critical priority, much of which can be addressed by Wiz’s CNAPP solution...

EUVD-2026-14735

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

EUVD-2026-14563

OpenClaw before 2026.2.25 lacks durable replay state for Nextcloud Talk webhook events, allowing valid signed requests to be replayed. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound processing and cause integrity or availability issues...

PT-2026-27611

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.4 iPadOS versions prior to 26.4 Description A security issue exists where an attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps wi...

About the security content of iOS 26.4 and iPadOS 26.4

About the security content of iOS 26.4 and iPadOS 26.4 This document describes the security content of iOS 26.4 and iPadOS 26.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

ROS-20260324-73-0010

A vulnerability in the f2fs component of the Linux operating system kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability allows an attacker to affect confidentiality, integrity and availability of protected information...

📄 Payara Server Cross Site Scripting

Research details on exploitation for a cross site scripting vulnerability in Payara's administration REST interface. Versions below 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 are affected. XSS to Admin account takeover CVE-2025-14340 A Cross-Site Scripting vulnerability in Payara’s Administration...

Developing a minimally HashDoS resistant, yet quickly reversible integer hash for V8

Developing a minimally HashDoS resistant, yet quickly reversible integer hash for V8 What happens when a hashing scheme needs to be both HashDoS resistant and quickly reversible? That's the puzzle we tried to solve for addressing CVE-2026-21717 in the March 2026 Node.js security release. This led...