EUVD-2026-33549

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVE-2026-48191 Wrong Permission Handling in Document Search Article Meta Filters

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVE-2026-48191 Wrong Permission Handling in Document Search Article Meta Filters

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

PT-2026-45263

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

OTRS security vulnerabilities

OTRS is a service management solution developed by the German company OTRS. Vulnerabilities exist in versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X of OTRS, as well as versions before 2026.4.X. These vulnerabilities stem from improper handling of permissions in the document search...

Malicious Package

Overview @cloudplatform-single-spa/agreements is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

Vulnerability Remediation: The Complete Guide to Fixing Security Weaknesses

Your scanners find thousands of vulnerabilities every cycle. Your team triages, assigns, and patches what they can. But weeks later, the same critical CVEs still sit open, SLAs blow past their deadlines, and the backlog keeps growing. The problem is rarely a lack of detection. It is a broken...

How to Avoid Confidentiality Gaps in Early-Stage Startups

Startups often expose sensitive data during pitches and hiring. Learn when to use NDAs and simple workflows to close confidentiality gaps...

CVE-2011-0787

Unspecified vulnerability in the Application Service Level Management component in Oracle Database Server 11.1.0.7 and Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Service Level Agreements...

EUVD-2009-0634

Malware in sbrugna...

EUVD-2025-11786

Malicious code in bioql PyPI...

From Impact to Action: Turning BIA Insights Into Resilient Recovery

Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number of risks, along with an increase in their frequency, variety, complexity, severity, and potential business impact. The real question is, "How do you tackl...

International Security Applications of Flexible Hardware-Enabled Guarantees

As AI capabilities advance rapidly, flexible hardware-enabled guarantees flexHEGs offer opportunities to address international security challenges through comprehensive governance frameworks. This report examines how flexHEGs could enable internationally trustworthy AI governance by establishing...

ROS-2-137

2.137 Notification on update of the RAND OPERATION SYSTEM "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...

ROS-2-18

2.18 Notification on the update of the Red OS OPERATION SYSTEM MIS RED SOFT LLC notifies about renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 till 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technical...

CVE-2025-39462

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in teamzt Smart Agreements smart-agreements allows PHP Local File Inclusion.This issue affects Smart Agreements: from n/a through = 1.0.3...

CVE-2025-39462

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in teamzt Smart Agreements smart-agreements allows PHP Local File Inclusion.This issue affects Smart Agreements: from n/a through = 1.0.3...

CVE-2025-39462 WordPress Smart Agreements plugin <= 1.0.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in teamzt Smart Agreements smart-agreements allows PHP Local File Inclusion.This issue affects Smart Agreements: from n/a through = 1.0.3...

CVE-2025-39462 WordPress Smart Agreements plugin <= 1.0.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in teamzt Smart Agreements smart-agreements allows PHP Local File Inclusion.This issue affects Smart Agreements: from n/a through = 1.0.3...