15 matches found
Securing CI/CD in an agentic world: Claude Code GitHub Action case
Microsoft Threat Intelligence discovered that Anthropic's Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull request descriptions, and comments. We found that while Claude Code Action supported environment...
EUVD-2026-5121
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...
TOR Virtual Network Tunneling Tool 0.4.8.21
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...
QNAP File Station 5 Unlimited or Unthrottled Resource Allocation Vulnerability
QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage NAS devices. QNAP File Station 5 suffers from an Unlimited Resource Allocation or Throttling vulnerability that can be exploited by an attacker to cause resource access to b...
CVE-2025-48462 Login Session Exhaustion
Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product...
AXIS OS Security Vulnerability
AXIS OS is an edge device operating system from the Swedish company Axis. AXIS OS has a security vulnerability that stems from a race condition that could block web interface access...
waf signature false positive
Enabled the WAF signature 82. Firefox user will trigger signature rule 998998 CVE-2022-21907 and blocked the access by WAF...
OmniCore robot Code Issue Vulnerability
OmniCore robot is a robotics application. A code issue vulnerability exists in ABB IRC5, OmniCore. An attacker could cause the robot to stop, making the robot controller inaccessible...
Issabel PBX Cross-Site Request Forgery Vulnerability
Issabel PBX is a software application. A free and open source software that allows you to build communication tools for your organization. A cross-site request forgery vulnerability exists in Issabel PBX version v.4.0.0-6, which originates from a vulnerability that allows any remote attacker to...
UBUNTU-CVE-2020-13311
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface...
Unspecified vulnerability in SHEKAR Technology Endoscope (CNVD-2019-18874)
SHEKAR Technology Endoscope is a portable endoscopic device from SHEKAR Technology, China. A security vulnerability exists in SHEKAR Technology Endoscope. An attacker can exploit the vulnerability to modify the default SSID and password, causing users to be unable to access the device or cause...
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch...
NATO Reports Data Breach to One of Its Websites
The North Atlantic Treaty Organization (NATO) has just issued a short statement that reads as follows: "Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO's...
DEBIAN-CVE-2002-1782
The default configuration of University of Washington IMAP daemon wu-imapd, when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user...