PT-2026-25773

Name of the Vulnerable Software and Affected Versions AWS API MCP Server versions 0.2.14 through 1.3.8 Description The AWS API MCP Server, used to enable AI assistants to interact with AWS services, has an issue where file access restrictions can be bypassed. This affects the 'no-access' and...

PT-2026-26172

Summary The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folder delete and file delete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...

PT-2026-25661

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

SAMSUNG Secure Folder 安全漏洞

Samsung Secure Folder is a privacy protection software developed by South Korea’s Samsung Corporation. Versions of Samsung Secure Folder prior to the SMR Mar-2026 Release 1 had security vulnerabilities. These vulnerabilities stemmed from improper export of Android application components, which...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. There is a security vulnerability in Craft CMS, which stems from the lack of sandbox protection in the rendering of template content provided by users through the Webhooks plugin. This vulnerability could allow...

EulerOS Virtualization 2.12.0 : edk2 (EulerOS-SA-2026-1528)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful...

Why Most DDoS Protection Fails: Solving for Continuity and Resilience

Most organisations assume DDoS Distributed denial of service protection is a box they’ve already ticked. If traffic spikes or an attack starts, the thinking goes, their provider will absorb it and move on. But in the real world it can be a different story. Many incidents aren’t caused by the scal...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the processing of a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings. An attacker can cause the process to crash and disrupt...

PT-2026-25364

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication DAGU AUTH MODE=basic, all Server-Sent Events SSE endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...

WebGPU Resource Isolation Auditor

This WebGPU security javascript confirms that memory isolation between buffers is fully enforced. It does not exploit any vulnerability but rather demonstrates that behavior is working as expected. It validates that attempts to read or write outside of Buffer A's bounds are safely handled by eith...

Graph Neural Network-Based DDoS Protection for Data Center Infrastructure

In light of rising cybersecurity threats, data center providers face growing pressure to protect their own management infrastructure from Distributed Denial-of-Service DDoS attacks. While tenant-managed cages generally fall outside the data center's direct security purview, a successful DDoS...

From transparency to action: What the latest Microsoft email security benchmark reveals

In our last benchmarking post, Clarity in complexity: New insights for transparent email security ,1 we shared why transparency matters more than ever in email security and how clear, consistent benchmarking helps security teams cut through noise and make confident decisions. Today, we’re...

From transparency to action: What the latest Microsoft email security benchmark reveals

In our last benchmarking post, Clarity in complexity: New insights for transparent email security ,1 we shared why transparency matters more than ever in email security and how clear, consistent benchmarking helps security teams cut through noise and make confident decisions. Today, we’re...

Maintaining Security and Protecting Smart Home Devices from Hackers

Learn how to protect smart home devices from hackers. Strong passwords, updates and secure networks help keep cameras, sensors and data safe...

EUVD-2026-11489

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...

@whyour/qinglong: manipulation of the argument command leads to protection mechanism failure

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...

GHSA-XJ37-QJG2-XWV2 @whyour/qinglong: manipulation of the argument command leads to protection mechanism failure

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...

qinglong 安全漏洞

Qinglong is a scheduled task management platform developed by whyour, which supports Python3, JavaScript, Shell, and Typescript. Versions of Qinglong 2.20.1 and earlier have security vulnerabilities. These vulnerabilities stem from the handling of the command parameter in the file...

PT-2026-25087

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.5.1 Description Ella Core is a 5G core designed for private networks. Prior to version 1.5.1, the software experiences a panic when processing a malformed integrity-protected NGAP/NAS message with a length less th...

CVE-2026-3965 whyour qinglong API express.ts protection mechanism

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...