Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

CVE-2026-47633

Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...

CVE-2026-42907

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

CVE-2026-42907

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

CVE-2026-42907

Technical details (affected software, component, root cause, impact and remediation) are not publicly available in the provided documents. Monitor for updates.

Visual Studio Code Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...

ROS-20260609-73-0030

The vulnerability in Thunderbird is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVE-2026-41724

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

EUVD-2026-35030

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

PT-2026-47261

Name of the Vulnerable Software and Affected Versions VMware Cloud Foundation Operations affected versions not specified Description Stored cross-site scripting issues exist where a malicious actor with privileges to create policies, views, or text-widgets can inject scripts. This allows the...

PT-2026-47260

Name of the Vulnerable Software and Affected Versions VMware Cloud Foundation Operations affected versions not specified Description Stored cross-site scripting issues exist where a malicious actor with privileges to create policies, views, or text-widgets can inject scripts. This allows the...

CVE-2026-7382

Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords

Threat actors are deploying an updated SHub Stealer variant named Reaper that exploits the native macOS Script Editor to bypass OS-level protections and compromise cryptocurrency assets...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2026-33829 - Security Vulnerability Quick Usage ba...

CVE-2026-10584

Graph Explorer before 3.0.1 uses an HTTP fallback when certificate files are missing, exposing potential interception of HTTPS requests. The vulnerability affects the proxy component of Graph Explorer and can lead to disclosure of sensitive information. The recommended remediations are to upgrade...

CVE-2026-49198

CVE-2026-49198 affects Predator Connect W6x: MQTT broker. The issue is improper access control that enables wildcard topic subscriptions, which can expose all MQTT traffic to unauthorized actors. Documents do not specify the vulnerable component beyond the broker, nor do they provide version numb...

Malicious code in itc-actors-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22687e1f7601dde1753d3775925d62d040892631394937e56e9b9fba74fb85c6 The package contains callback.js which collects host identifiers and user information os.hostname, os.userInfo, os.platform, cwd and transmits them v...

MAL-2026-4589 Malicious code in itc-actors-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22687e1f7601dde1753d3775925d62d040892631394937e56e9b9fba74fb85c6 The package contains callback.js which collects host identifiers and user information os.hostname, os.userInfo, os.platform, cwd and transmits them v...

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showboat is a modular post-exploitation framework designed for Linux systems, capable...

apify-agent-mcp (>=0.1.0 <=0.2.0), codify-mcp (>=0.2.0 <=1.0.0) potentially affected by CVE-2026-46341 via @apify/actors-mcp-server (=0.7.4)

@apify/actors-mcp-server NPM version =0.7.4 is affected by a known vulnerability. The following packages have a transitive dependency on @apify/actors-mcp-server and may be impacted: - apify-agent-mcp =0.1.0, =0.2.0, =1.0.0 Source cves: CVE-2026-46341 Source advisory: OSV:GHSA-JWP7-WG77-3W9V...