12471 matches found

Cisco
added 2026/02/04 4:0 p.m. | 9 views

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...

CVSS 4.3 | AI score 5.6 | EPSS 0.0018
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/04 1:20 p.m. | 5 views

CVE-2025-11598

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view...

CVSS 1 | AI score 5.4 | EPSS 0.00151
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/04 12:0 a.m. | 7 views

PT-2026-6041

Name of the Vulnerable Software and Affected Versions SIBS woocommerce payment gateway plugin for WordPress versions up to and including 2.2.0 Description The SIBS woocommerce payment gateway plugin for WordPress is susceptible to time-based SQL Injection via the referencedId parameter. This is d...

CVSS 4.9 | AI score 5.8 | EPSS 0.00333
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-6001

Name of the Vulnerable Software and Affected Versions Kod8 Individual and SME Website versions through 03022026 Description The Kod8 Individual and SME Website software contains a flaw related to improper neutralization of input during web page generation, leading to a Reflected Cross-Site...

CVSS 7.6 | AI score 5.4 | EPSS 0.00175
Exploits: 0 | References: 3
Japan Vulnerability Notes
added 2026/02/02 6:18 a.m. | 3 views

Multiple Microsoft Office products vulnerable to untrusted search path

Overview Multiple Microsoft Office products contain the following vulnerability. Untrusted search path CWE-426, - CVE-2026-20943 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

CVSS 7 | AI score 5.6 | EPSS 0.00628
Exploits: 0 | References: 4
Fedora
added 2026/01/31 5:32 p.m. | 5 views

[SECURITY] Fedora 43 Update: bind9-next-9.21.17-1.fc43

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

CVSS 7.5 | AI score 6.1 | EPSS 0.07572
Exploits: 0
OpenVAS
added 2026/01/28 12:0 a.m. | 5 views

SUSE: Security Advisory (SUSE-SU-2026:0293-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 5.9 | EPSS 0.00266
Exploits: 0 | References: 360
Japan Vulnerability Notes
added 2026/01/27 9:22 a.m. | 4 views

beat-access for Windows may insecurely load Dynamic Link Libraries

Overview beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-21408 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...

CVSS 7.3 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 5
Rosalinux
added 2026/01/26 12:8 p.m. | 4 views

Advisory ROSA-SA-2026-3116

software: pgbouncer 1.25.1 OS: ROSA-CHROME unaffected versions = pgbouncer-1.25.1-1 affected versions pgbouncer-1.25.1-1 CVE-ID: CVE-2025-12819 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Arbitrary SQL execution vulnerability in PgBouncer in authquery handler: an unauthenticated attacker could execute...

CVSS 8.1 | AI score 6.2 | EPSS 0.00315
Exploits: 0
RedhatCVE
added 2026/01/22 9:26 p.m. | 5 views

CVE-2026-21852

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...

CVSS 7.5 | AI score 5.7 | EPSS 0.2297
Exploits: 2 | References: 1
OSV
added 2026/01/21 8:42 p.m. | 7 views

CVE-2026-21852 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...

CVSS 5.3 | AI score 5.8 | EPSS 0.2297
Exploits: 2 | References: 3
Cisco
added 2026/01/21 4:0 p.m. | 13 views

Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-base...

CVSS 4.8 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 1
Fedora
added 2026/01/20 1:38 a.m. | 5 views

[SECURITY] Fedora 42 Update: mysql8.4-8.4.7-5.fc42

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVSS 5.5 | AI score 7.1 | EPSS 0.00533
Exploits: 0
Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : mod_auth_mellon-0.14.0-12.el8.1 (AXSA:2022-3531:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3531:01 advisory. mod_auth_mellon: Open Redirect vulnerability in logout URLs CVE-2021-3639 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVSS 6.1 | AI score 5.6 | EPSS 0.00752
Exploits: 0 | References: 2
Nvidia
added 2026/01/20 12:0 a.m. | 9 views

Security Bulletin: NVIDIA CUDA Toolkit - January 2026

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install the latest release from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security...

CVSS 7.3 | AI score 5.4 | EPSS 0.01185
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 7 : firefox-78.14.0-1.0.1.el7.AXS7 (AXSA:2021-2415:25)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2415:25 advisory. Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 CVE-2021-38493 Tenable has extracted the preceding description block...

CVSS 8.8 | AI score 8.3 | EPSS 0.01205
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : pcs-0.11.1-10.el9.2.ML.1 (AXSA:2023-4908:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4908:01 advisory. pcs: obtaining an authentication token for hacluster user could lead to privilege escalation CVE-2022-2735 Tenable has extracted the preceding description...

CVSS 7.8 | AI score 5.6 | EPSS 0.00299
Exploits: 0 | References: 2
OPENSUSE Linux
added 2026/01/19 12:0 a.m. | 7 views

go1.24-1.24.12-1.1 on GA media (moderate)

go1.24-1.24.12-1.1 on GA media Announcement ID: openSUSE-SU-2026:10063-1 Rating: moderate Cross-References: CVE-2025-61726 CVE-2025-61728 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119 CVE-2025-68121 CVSS scores: CVE-2025-61726 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2025-61726...

CVSS 7.2 | AI score 6.9 | EPSS 0.00765
Exploits: 2
CNNVD
added 2026/01/16 12:0 a.m. | 3 views

Acer Updater Service code-related vulnerabilities

The Acer Updater Service is a software update tool provided by Acer, a company based in Taiwan, China. Version 1.2.3500.0 of the Acer Updater Service contains a code vulnerability. This vulnerability stems from an issue with the service path, where a service path without quotes was used, which ma...

CVSS 8.5 | AI score 5.9 | EPSS 0.0016
Exploits: 0 | References: 3
Cisco
added 2026/01/15 4:0 p.m. | 9 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

CVSS 4.8 | AI score 6.1 | EPSS 0.00238
Exploits: 0 | References: 1