
1609 matches found

CVE
added 2026/02/20 4:23 p.m., 20 views

CVE-2026-1842

CVE-2026-1842 affects HyperCloud 2.3.5–2.6.8. Root cause: refresh tokens can be used directly for resource access and do not invalidate previously issued access tokens when a refresh token is used, allowing long-lived or concurrent access. Refresh tokens have a default lifetime of about one year,...

8.6 CVSS, 5.5 AI score, 0.00207 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/02/20 4:23 p.m., 23 views

CVE-2026-1842 HyperCloud Improper Refresh Token Validation and Access Token Invalidation Allows Long-Term Unauthorized Access

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one year), an authenticated...

8.6 CVSS, 0.00207 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/02/20 4:23 p.m., 6 views

CVE-2026-1842 HyperCloud Improper Refresh Token Validation and Access Token Invalidation Allows Long-Term Unauthorized Access

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one year), an authenticated...

8.6 CVSS, 5.5 AI score, 0.00207 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/02/20 12:0 a.m., 8 views

SoftIron HyperCloud Security Vulnerability

SoftIron HyperCloud is an intelligent cloud architecture developed by SoftIron Corporation. Versions of SoftIron HyperCloud 2.6.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the ability to directly use refresh tokens for resource access, without ensuring that...

8.6 CVSS, 5.8 AI score, 0.00207 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/02/20 12:0 a.m., 4 views

PT-2026-21250

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one year), an authenticated...

8.6 CVSS, 5.5 AI score, 0.00207 EPSS
Exploits: 0, References: 2

Snyk
added 2026/02/18 5:39 p.m., 6 views

Command Injection

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Command Injection via the keychain credential refresh path. An attacker can execute arbitrary OS commands by supplying crafted OAuth tokens that are incorporated into shell command...

8.6 CVSS, 6.1 AI score, 0.012 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/02/18 12:0 a.m., 5 views

PT-2026-20560

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

7.5 CVSS, 5.5 AI score, 0.00473 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/02/14 12:0 a.m., 4 views

Linux kernel Security Vulnerability

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from deadlocks in the management of frame refreshes in the ath12k Wi-Fi driver. This could caus...

5.5 CVSS, 5.8 AI score, 0.0008 EPSS
Exploits: 0, References: 2

NVD
added 2026/02/09 11:16 p.m., 10 views

CVE-2026-25893

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has...

10 CVSS, 0.00677 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/09 10:26 p.m., 5 views

CVE-2026-25893

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has...

10 CVSS, 6.2 AI score, 0.00677 EPSS
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/02/09 10:26 p.m., 2 views

CVE-2026-25893 FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has...

10 CVSS, 6.2 AI score, 0.00677 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/02/09 10:26 p.m., 30 views

CVE-2026-25893 FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has...

10 CVSS, 0.00677 EPSS
Exploits: 0, References: 2

CVE
added 2026/02/09 10:26 p.m., 19 views

CVE-2026-25893

CVE-2026-25893 affects FUXA, a web-based Process Visualization (SCADA/HMI/Dashboard) platform. The issue is an authentication bypass via the heartbeat refresh API that lets an unauthenticated, remote attacker gain administrative access and potentially execute arbitrary code on the server. This vu...

10 CVSS, 6.2 AI score, 0.00677 EPSS
Exploits: 0, References: 2, Affected Software: 1

SUSE Linux
added 2026/02/05 2:23 p.m., 7 views

Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues:

Security fixes:
- CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034
- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036
- CVE-2026-21933: Fixed Oracle Java SE component Networking bsc1257037
-...

7.5 CVSS, 5.4 AI score, 0.00547 EPSS
Exploits: 1, References: 18

OSV
added 2026/02/05 2:23 p.m., 5 views

SUSE-SU-2026:0390-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues:

Security fixes:
- CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034
- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036
- CVE-2026-21933: Fixed Oracle Java SE component Networking bsc1257037
-...

7.5 CVSS, 5.8 AI score, 0.00547 EPSS
Exploits: 1, References: 10

Positive Technologies
added 2026/02/05 12:0 a.m., 8 views

PT-2026-7184

Name of the Vulnerable Software and Affected Versions: FUXA versions prior to 1.2.10. Description: FUXA is a web-based Process Visualization software. A flaw exists that allows a remote, unauthenticated attacker to gain administrative access and execute arbitrary code on the server. This is possible...

10 CVSS, 6.1 AI score, 0.00677 EPSS
Exploits: 0, References: 9

SUSE Linux
added 2026/02/04 12:46 p.m., 6 views

Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues:

Security fixes:
- CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034
- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036
- CVE-2026-21933: Fixed Oracle Java SE component Networking bsc1257037
-...

7.5 CVSS, 5.8 AI score, 0.00547 EPSS
Exploits: 1, References: 18

Tenable Nessus
added 2026/02/03 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-1035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse...

3.1 CVSS, 5.3 AI score, 0.00282 EPSS
Exploits: 0, References: 2

GithubExploit
added 2026/01/31 7:39 p.m., 141 views

capstone-poc

Capstone Proof of Concept 1. Create the UI using the run fu...

5.9 AI score
Exploits: 0

RedhatCVE
added 2026/01/29 3:26 a.m., 10 views

CVE-2026-24748

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...

7.2 CVSS, 5.8 AI score, 0.00342 EPSS
Exploits: 0, References: 1