1867 matches found
Rukovoditel <= 3.2.1 - Cross Site Scripting
A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...
How GitHub used secret scanning to reach inbox zero
Several years ago, GitHub Security launched an initiative to assess and improve our overall secrets hygiene. As part of that effort, we piloted the Secret Scanning capability that was under development at the time. That's when we found more than 20,000 secrets spread across our 15,000+...
CVE-2026-20244
creationtimestamp| type| source ---|---|--- 2026-07-02 09:45:22+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1941 2026-07-02 13:50:32+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpo6fqhjmd2f 2026-07-02 13:55:08+00:00| seen|...
Malicious code in @alerts/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a825df408053d3df39c8fe0790b9e99ef97e51f60765549e1931709b86fcf30b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6599 Malicious code in @alerts/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a825df408053d3df39c8fe0790b9e99ef97e51f60765549e1931709b86fcf30b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-MPWR-8VM7-H73F vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-storage, crossplane-provider-azure-security, crossplane-provider-azure-servicebus, crossplane-provider-azure-operationsmanagement, x509-certificate-exporter-fips, x509-certificate-exporter, crossplane-provider-azure-signalrservice, grafana,...
CVE-2026-13208
A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...
Malicious code in security-alerts-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...
MAL-2026-6327 Malicious code in security-alerts-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0 Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...
CVE-2026-56784 OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint
OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...
CVE-2025-48643
creationtimestamp| type| source ---|---|--- 2026-06-21 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260622 2026-06-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1931...
CVE-2025-48640
creationtimestamp| type| source ---|---|--- 2026-06-21 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260622 2026-06-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1931...
[SECURITY] Fedora 44 Update: alertmanager-0.33.0-1.fc44
The Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, PagerDuty, or OpsGenie. It a lso takes care of silencing and inhibition of alerts...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the removeAlarms process. An attacker can permanently delete alarm records belonging to other tenants by supplying arbitrary alarm IDs in a bulk delete request. This can result in...
EUVD-2026-37638
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
EUVD-2026-37639
Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...
CVE-2026-54802
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
CVE-2026-35298
creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8 2026-06-17 11:55:09+00:00| seen|...
CVE-2026-46825
creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 11:55:15+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3moiaxrr3n52v...
CVE-2026-46765
creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8 2026-06-19 04:07:07+00:00| seen|...