
40348 matches found

Positive Technologies
added 2026/02/10 12:0 a.m. | 3 views

PT-2026-7396

Name of the Vulnerable Software and Affected Versions: Windows Shell (affected versions not specified). Description: A protection mechanism failure in the Windows Shell allows an unauthorized remote attacker to bypass security features, specifically the Windows SmartScreen mechanism and Windows Shell...

CVSS 10 | AI score 6.4 | EPSS 0.25835
Exploits 3 | References 84
Tenable Nessus
added 2026/02/10 12:0 a.m. | 4 views

KB5075897: Windows Server version 23H2 Security Update (February 2026)

The remote Windows host is missing security update 5075897. It is, therefore, affected by multiple vulnerabilities - A heap-based buffer overflow issue was discovered in libjpeg-turbo in the h2v2_merged_upsample_internal() function of the jdmrgext.c file. The vulnerability can only be exploited with 12-bit da...

CVSS 8.8 | AI score 6.9 | EPSS 0.25835
Exploits 13 | References 30
VulnCheck KEV
added 2026/02/10 12:0 a.m. | 9 views

VulnCheck KEV: CVE-2026-21513

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network...

CVSS 8.8 | AI score 5.8 | EPSS 0.15384
In wild | Exploits 0 | References 13
Tenable Nessus
added 2026/02/10 12:0 a.m. | 5 views

KB5075906: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (February 2026)

The remote Windows host is missing security update 5075906. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

CVSS 8.8 | AI score 7.1 | EPSS 0.25835
Exploits 9 | References 28
CISA KEV Catalog
added 2026/02/10 12:0 a.m. | 14 views

Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability

Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network...

CVSS 8.8 | AI score 5.4 | EPSS 0.15384
In wild | Exploits 0
CISA KEV Catalog
added 2026/02/10 12:0 a.m. | 13 views

Microsoft Windows Shell Protection Mechanism Failure Vulnerability

Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network...

CVSS 8.8 | AI score 5.5 | EPSS 0.25835
In wild | Exploits 3
Github Security Blog
added 2026/02/09 9:31 p.m. | 9 views

Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService

A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...

CVSS 5.4 | AI score 5.4 | EPSS 0.00287
Exploits 0 | References 10 | Affected Software 1
OSV
added 2026/02/09 9:21 p.m. | 4 views

CVE-2026-25890 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

CVSS 8.1 | AI score 5.5 | EPSS 0.00461
Exploits 2 | References 5
CVE
added 2026/02/09 9:3 p.m. | 7 views

CVE-2026-25812

PlaciPy (version 1.0.0) exposes credentialed CORS and lacks CSRF protection on state-changing endpoints. The connected sources confirm this core issue but do not supply a remediation, exploit details, or vendor-specific mitigations. Practical impact: potential CSRF-style abuse where authenticated...

CVSS 9.3 | AI score 5.5 | EPSS 0.00142
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/02/09 9:3 p.m. | 26 views

CVE-2026-25812 PlaciPy is Missing CSRF Protection on State-Changing Endpoints

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...

CVSS 9.3 | EPSS 0.00142
Exploits 0 | References 1
RedHat Linux
added 2026/02/09 8:36 p.m. | 6 views

keycloak: Incorrect ownership checks in /uma-policy/

A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...

CVSS 5.4 | AI score 5.8 | EPSS 0.00287
Exploits 0 | References 4
NVD
added 2026/02/09 8:15 p.m. | 8 views

CVE-2025-14778

A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...

CVSS 5.4 | EPSS 0.00287
Exploits 0 | References 6
RedhatCVE
added 2026/02/09 6:58 p.m. | 4 views

CVE-2025-14778

A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...

CVSS 5.4 | AI score 5 | EPSS 0.00287
Exploits 0 | References 3
NVD
added 2026/02/09 6:16 p.m. | 7 views

CVE-2025-7432

DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack...

CVSS 1 | EPSS 0.00137
Exploits 0 | References 1
CVE
added 2026/02/09 6:4 p.m. | 7 views

CVE-2025-66630

Fiber is a Go web framework. Before 2.52.11 and on Go

CVSS 9.4 | AI score 5.6 | EPSS 0.00471
Exploits 0 | References 3 | Affected Software 1
RedHat Linux
added 2026/02/09 2:20 p.m. | 10 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection (OADP) is now available. OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

CVSS 7.8 | AI score 7.1 | EPSS 0.00526
Exploits 4 | References 6
RedHat Linux
added 2026/02/09 4:51 a.m. | 2 views

kernel: net: use dst_dev_rcu() in sk_setup_caps()

In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps(). Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_forward(). ip4_dst_hoplimit() can use dst_dev_net_rcu()...

AI score 5.7 | EPSS 0.00167
Exploits 0 | References 5
Positive Technologies
added 2026/02/09 12:0 a.m. | 5 views

PT-2026-7119

DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack...

CVSS 1 | AI score 5.5 | EPSS 0.00137
Exploits 0 | References 1
Positive Technologies
added 2026/02/09 12:0 a.m. | 4 views

PT-2026-7127

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A Broken Access Control issue exists within the UserManagedPermissionService UMA Protection API. Specifically, when updating or deleting a UMA policy linked to multiple resources, the system...

CVSS 5.4 | AI score 5.4 | EPSS 0.00287
Exploits 0 | References 10
Packet Storm News
added 2026/02/09 12:0 a.m. | 4 views

Framework for Integrating Zero Trust in Cloud-Based Endpoint Security for Critical Infrastructure

Cyber threats have become highly sophisticated, pushing concern for endpoint security, especially in critical infrastructure, to new heights. A security model, such as Zero Trust Architecture (ZTA), is required to overcome this challenge. ZTA treats every access request as new and...

AI score 5.6
Exploits 0