1854 matches found
EUVD-2026-11719
OneUptime ClickHouse SQL Injection via Aggregate Query Parameters...
CVE-2026-32306
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .appe...
PT-2026-25388
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev name len, causing a stack overflow in the driver and crashing the task o...
OneUptime SQL注入漏洞
OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.23 contained a SQL injection vulnerability. This vulnerability stemmed from the telemetry aggregation API directly inserting...
CVE-2026-32306
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .appe...
CVE-2026-32306 OneUptime ClickHouse SQL Injection via Aggregate Query Parameters
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .appe...
Detecting and analyzing prompt abuse in AI tools
This second post in our AI Application Security series is all about moving from planning to practice. AI Application Series 1: Security considerations when adopting AI tools established how AI adoption expands the attack surface and our threat-modelling guidance on the Microsoft security blog...
Detecting and analyzing prompt abuse in AI tools
This second post in our AI Application Security series is all about moving from planning to practice. AI Application Series 1: Security considerations when adopting AI tools established how AI adoption expands the attack surface and our threat-modelling guidance on the Microsoft security blog...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 140.8 MFSA 2026-17 bsc1258568: CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component CVE-2026-2758: Use-after-free in the JavaScript: GC component CVE-2026-2759: Incorrect boundary...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software...
PT-2026-25085
Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...
SUSE-SU-2026:0871-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.8.0 ESR MFSA 2026-15 bsc1258568: - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component - CVE-2026-2758: Use-after-free in the JavaScript: GC component -...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software...
Silent Subversion: Sensor Spoofing Attacks Via Supply Chain Implants in Satellite Systems
Spoofing attacks are among the most destructive cyber threats to terrestrial systems, and they become even more dangerous in space, where satellites cannot be easily serviced, and operators depend on accurate telemetry to ensure mission success. When telemetry is compromised, entire spaceborne...
RHEL 9 : opentelemetry-collector (RHSA-2026:4267)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:4267 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: golang: net/url: Memory exhaustion in query...
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Niranjan Hegde and Sijo Jacob · June 14, 2023 This blog was also written by Mathanraj Thangaraju Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitiv...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software...
ALSA-2026:4174 Important: opentelemetry-collector security update
Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls CVE-2025-68121 For more details about the security issues,...
RHEL 9 : opentelemetry-collector (RHSA-2026:4177)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:4177 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: golang: net/url: Memory exhaustion in query...
MGASA-2026-0053 Updated thunderbird packages fix security vulnerabilities
Incorrect boundary conditions in the WebRTC: Audio/Video component. CVE-2026-2757 Use-after-free in the JavaScript: GC component. CVE-2026-2758 Incorrect boundary conditions in the Graphics: ImageLib component. CVE-2026-2759 Sandbox escape due to incorrect boundary conditions in the Graphics:...