EUVD-2026-33743

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

EUVD-2026-33736

An Improper Access Control vulnerability in Ivanti Neurons for ITSM cloud and on-premises allows a remote authenticated attacker to gain administrative access...

Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os

CVE-2026-0257 - Palo Alto Networks GlobalProtect Authenticatio...

Ivanti Neurons for ITSM 访问控制错误漏洞

Ivanti Neurons for ITSM is a reliable and powerful IT service management solution from the American company Ivanti. Ivanti Neurons for ITSM has a vulnerability related to access control. This vulnerability stems from improper access control practices, which may allow remote authentication attacke...

PT-2026-45546

Name of the Vulnerable Software and Affected Versions Ivanti Neurons for ITSM affected versions not specified Description Improper Access Control allows a remote authenticated attacker to gain administrative access. Recommendations Audit role configurations to ensure permissions are limited to...

EUVD-2026-33487

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

CVE-2026-10157

Open5GS up to 2.7.6 is affected by a vulnerability in the NGAP PathSwitchRequest Message Handler (src/amf/ngap-handler.c). The issue arises from a manipulation that leads to improper authentication. The attack can be initiated remotely, and a public exploit exists. A patch is available with ident...

EUVD-2026-33476

A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is...

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

EUVD-2026-32650

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with denyremote=false in pamusb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAMRHOST...

CVE-2024-47272

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

CVE-2024-47267

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...

CVE-2026-0265 Vulnerability Assessment Tool

CVE-2026-0265 is a remote authentication bypass affecting PAN-OS and Panorama that triggers when an authentication profile uses Cloud Authentication Service CAS. This tool safely detects whether an instance is vulnerable without authenticating any session or modifying any state...

SUSE CVE-2026-44067

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

SUSE CVE-2026-44073

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...

PT-2026-42823

Name of the Vulnerable Software and Affected Versions Amazon Braket SDK versions prior to 1.117.0 Description Insecure deserialization in the job results processing component may allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on...

CVE-2026-44057

A flaw was found in Netatalk. A dead bounds check in the Spotlight RPC unmarshaller may allow a remote authenticated attacker to obtain limited information. This vulnerability is triggered by sending crafted Spotlight RPC requests, leading to an information disclosure...

CVE-2026-7835

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...

CVE-2026-44067

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

CVE-2026-44062

A missing output length bounds check in pullcharsetflags in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data...