CVE-2026-42404

A flaw was found in Apache Neethi. When an application explicitly calls the PolicyReference API to retrieve a policy from a remote Uniform Resource Identifier URI, Apache Neethi does not impose restrictions on the URI. This allows a remote attacker to cause the application to make outbound reques...

Introducing Wallarm Middle East Cloud: Built for Data Residency Compliance

As API and AI adoption grows across the Middle East, so do the expectations around how data is handled. For many organizations operating in this region, it’s not just about securing applications. It’s about doing it in a way that keeps data in-country and aligned with local requirements. Today,...

EUVD-2026-26893

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

CVE-2026-7722 PrefectHQ prefect Health Check API health endswith improper authentication

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

Malicious Package

Overview @pyme-web/web-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-3264 Malicious code in @bcs-adapters/keycloak-api-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f764a24270c6884e2f07d786ae252002ce64b35efb380b1dbce85e6af90a8e6 The package @bcs-adapters/keycloak-api-adapter was found to contain malicious code. Source: ghsa-malware...

PT-2026-36946

Name of the Vulnerable Software and Affected Versions openmrs-api versions prior to 2.7.9 openmrs-api versions prior to 2.8.6 Description Server-side template injection SSTI occurs via Velocity, which allows for remote code execution RCE. SSTI is a flaw where an attacker can inject malicious code...

PT-2026-36752

Name of the Vulnerable Software and Affected Versions PrefectHQ prefect versions prior to 3.6.22 Description Improper authentication in the Health Check API allows a remote attacker to perform a manipulation. This issue specifically impacts the endswith function within the '/api/health' endpoint...

Prefect 授权问题漏洞

Prefect is a workflow orchestration tool developed by Prefect OpenSource, enabling developers to build, monitor data pipelines, and respond to changes in those pipelines. Prefect versions 3.6.21 and earlier have a vulnerability related to authorization. This vulnerability stems from improper...

RHCOS 4 : Red Hat build of MicroShift 4.14.0 (RHSA-2023:5008)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5008 advisory. - kube-apiserver: PrivEsc CVE-2023-1260 - kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin...

PT-2026-36771

Name of the Vulnerable Software and Affected Versions Comet Backup versions 20.11.0 through 26.1.1 Comet Backup version 26.2.1 Description An Insecure Direct Object Reference IDOR—a flaw where an application provides direct access to objects based on user-supplied input—exists that allows a tenan...

PT-2026-37202

Name of the Vulnerable Software and Affected Versions Quarkus OpenAPI Generator versions prior to 2.11.1-lts Quarkus OpenAPI Generator versions prior to 2.16.0-lts Quarkus OpenAPI Generator versions prior to 2.17.0 Description The generated authentication filter matches OpenAPI path templates too...

RHCOS 3 : jenkins (RHSA-2016:0711)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0711 advisory. - jenkins: Remote code execution vulnerability in remoting module SECURITY-232 CVE-2016-0788 - jenkins: HTTP response splitting...

RHCOS 3 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1094)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1094 advisory. - 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain CVE-2016-3703 - 3: s2i builds...

RHCOS 2 : rubygem-openshift-origin-console (RHSA-2015:1808)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:1808 advisory. - 2.2: API command injection vulnerability CVE-2015-5274 Note that Nessus has not tested for this issue but has instead relied only on the...

RHCOS 3 : Red Hat OpenShift Enterprise 3.1 (RHSA-2016:1095)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1095 advisory. - 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain CVE-2016-3703 Note that Nessus has not...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy. The syzbot report indicated that a crash occurred in tcactinHW, during the netns teardown process. In this scenario, tcfidrinfodestroy passed a value of...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A use-after-free vulnerability was discovered in the Linux kernel’s netfilter subsystem, specifically in the net/netfilter/nftablesapi.c file. Improper error handling related to NFTMSGNEWRULE allows a dangling pointer to be used within the same transaction, leading to a use-after-free...