CVE-2026-2638

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

PT-2026-48540

Due to the combination of checking out PR head branches attacker-controlled, reading .mcp.json from the working directory via default setting sources, and unconditionally enabling all project MCP servers via enableAllProjectMcpServers, it was possible for an attacker who opened a PR containing a...

EUVD-2026-35869

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

Malicious code in create-docs-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647 Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal packag...

MAL-2026-5403 Malicious code in t-invest-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46c186ac158f68845fc995a94d15d44c2b65a521d2619d2850232e58f4a61419 Package is a dependency-confusion squat: package.json sets version 9999.99.99 the canonical max-version trick used to win resolution against any...

Description of the security update for SharePoint Server 2016: June 9, 2026 (KB5002880)

Description of the security update for SharePoint Server 2016: June 9, 2026 KB5002880 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currently...

Description of the security update for SharePoint Server Subscription Edition: June 9, 2026 (KB5002873)

Description of the security update for SharePoint Server Subscription Edition: June 9, 2026 KB5002873 Summary Important: If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you'r...

Description of the security update for SharePoint Server 2019: June 9, 2026 (KB5002874)

Description of the security update for SharePoint Server 2019: June 9, 2026 KB5002874 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currently...

CVE-2026-2638

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

CVE-2026-2638

Technical details beyond the summary are not publicly available in the provided documents. Monitor for updates.

CVE-2026-2638 X-VPN macOS website versions - Local Privilege Escalation

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

EUVD-2026-35404

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

CVE-2026-2638 X-VPN macOS website versions - Local Privilege Escalation

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

EUVD-2026-35136

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

CVE-2026-46481

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

Exploit for OS Command Injection in Redhat Openshift_Container_Platform

excute exploit: bash python ./exploit.py -t 10.129.20.16 -l 1...

GitInject: Real-World Prompt Injection Attacks in AI-Powered CI/CD Pipelines

AI-powered agents are increasingly embedded in continuous integration and continuous delivery/deployment CI/CD pipelines to autonomously review pull requests PRs, triage issues, and maintain codebases. These agents ingest untrusted content while operating with elevated repository permissions,...

offensive-claude-533

Offensive Security Research Config for Claude Code !TIP...

offensive-claude-813

Offensive Security Research Config for Claude Code !TIP...

CVE-2026-11406 GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...