52 matches found

CVE
added 2 days ago, 9 views

CVE-2026-48509

CVE-2026-48509 affects MessagePack for C# (ASP.NET Core MVC context). The issue is that, prior to versions 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter() uses default serializer options that resolve to Standard with MessagePackSecurity.TrustedData, which can cross HTTP trust bou...

9.1 CVSS, 5.7 AI score, 0.00227 EPSS
Exploits 0, References 1, Affected Software 1

OSV
added 2026/05/11 6:6 p.m., 5 views

EEF-CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

Summary: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2...

6.3 CVSS, 6 AI score, 0.00218 EPSS
Exploits 0, References 3

NVD
added 2026/04/14 6:17 p.m., 1 view

CVE-2026-32162

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally...

8.4 CVSS, 0.02034 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/04/14 4:58 p.m., 4 views

CVE-2026-32162

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally...

8.4 CVSS, 5.7 AI score, 0.02034 EPSS
Exploits 0, References 2, Affected Software 14

Microsoft CVE
added 2026/04/14 2:0 p.m., 4 views

Windows COM Elevation of Privilege Vulnerability

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally...

8.4 CVSS, 6.2 AI score, 0.02034 EPSS
Exploits 0

Positive Technologies
added 2026/04/14 12:0 a.m., 5 views

PT-2026-32831

🪟 COM EoP CVE-2026-32162 again? When Microsoft’s “trust boundaries” are just vibes, every COM hop is a potential jailbreak. Triage fast: local users turning into admins is the usual horror sequel. https://t.co/nNowXseXJj ElevationOfPrivilege MicrosoftMsrc WindowsCom https://t.co/7B8CqiBKho...

8.4 CVSS, 6.2 AI score, 0.02034 EPSS
Exploits 0, References 4

RedhatCVE
added 2026/03/26 2:57 p.m., 3 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1 CVSS, 5.8 AI score, 0.00359 EPSS
Exploits 0, References 1

EUVD
added 2026/03/10 6:31 p.m., 4 views

EUVD-2026-10702

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1 CVSS, 5.8 AI score, 0.00359 EPSS
Exploits 0, References 2

OSV
added 2026/03/10 6:18 p.m., 4 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1 CVSS, 5.7 AI score, 0.00359 EPSS
Exploits 0, References 1

NVD
added 2026/03/10 6:18 p.m., 4 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1 CVSS, 0.00359 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/03/10 5:5 p.m., 3 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1 CVSS, 5.8 AI score, 0.00359 EPSS
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2026/01/09 8:34 a.m., 11 views

CVE-2024-41706

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers...

7.3 CVSS, 5.6 AI score, 0.00308 EPSS
Exploits 0, References 1

IBM Security Bulletins
added 2025/12/23 4:45 p.m., 7 views

Security Bulletin: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data

Summary TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data. A patch was released to update the bind package. Vulnerability Details CVEID:CVE-2025-40778 DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an...

8.6 CVSS, 6 AI score, 0.00509 EPSS
Exploits 1, Affected Software 1

Veracode
added 2025/12/13 4:31 a.m., 7 views

Improper Authentication

com.liferay, com.liferay.portal.cluster.multiple are vulnerable to Improper Authentication. The vulnerability is due to insufficient authentication of cluster messages, which allows a remote attacker to send unauthenticated malicious data that is processed as trusted data by the affected systems...

6.9 CVSS, 7.3 AI score, 0.00164 EPSS
Exploits 0, References 6, Affected Software 1

Veracode
added 2025/12/13 4:23 a.m., 6 views

Use Of Hardcoded Cryptographic Key

sureness is vulnerable to Use of Hardcoded Cryptographic Key. The vulnerability is due to the use of a hardcoded key within the application, allowing attackers who obtain or reverse engineer the key to bypass security protections or forge trusted data...

9.8 CVSS, 7.7 AI score, 0.00808 EPSS
Exploits 1, References 3, Affected Software 1

CVE
added 2025/12/08 9:30 p.m., 11 views

CVE-2025-36102

CVE-2025-36102 affects IBM Controller 11.1.0–11.1.1 and IBM Cognos Controller 11.0.0–11.0.1 FP6. The issue arises from client-side enforcement of server-side security, allowing a privileged user to bypass validation by passing user input into the application as trusted data. Impact described acro...

2.7 CVSS, 6.2 AI score, 0.0019 EPSS
Exploits 0, References 1, Affected Software 2

EUVD
added 2025/10/21 6:30 p.m., 3 views

EUVD-2025-35186

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...

6.9 CVSS, 6.6 AI score, 0.00164 EPSS
Exploits 0, References 2

GitHub Security Blog
added 2025/10/21 6:30 p.m., 8 views

Liferay Portal fails to verify messages from the cluster network is trusted

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...

6.9 CVSS, 7.2 AI score, 0.00164 EPSS
Exploits 0, References 4, Affected Software 1

Snyk
added 2025/10/01 7:46 a.m., 4 views

External Initialization of Trusted Variables or Data Stores

Overview ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and Spring Framework are...

6.4 CVSS, 7.6 AI score, 0.00151 EPSS
Exploits 0, References 2

Microsoft Secure
added 2025/09/16 4:0 p.m., 5 views

Microsoft Purview innovations for your Fabric data: Unify data security and governance for the AI era

The Microsoft Fabric and Purview teams are thrilled to participate in the European Microsoft Fabric Community Conference September 15-18, 2025, in Vienna, Austria. This event is Microsoft’s largest tech conference in Europe, where data professionals gather to connect and share insights on data,...

6.3 AI score
Exploits 0