PT-2026-38013

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and...

Cisco Unity Connection（UC） 安全漏洞

Cisco Unity Connection UC is a voice messaging platform developed by the American company Cisco. This platform allows users to make calls or listen to voic messages using voice commands. There is a security vulnerability in Cisco Unity Connection UC, which stems from insufficient user input...

PT-2026-38012

Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

PT-2026-37669

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

PT-2026-37798

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the start function. An attacker can gain unauthorized access to active...

CVE-2026-27960

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

Use of Hard-coded Credentials

Overview ogham-mcp is a Shared memory MCP server — persistent, searchable, cross-client Affected versions of this package are vulnerable to Use of Hard-coded Credentials due to hardcoded credentials present in the source files, including development database URLs and an API key. An attacker can...

CVE-2026-29200

Summary: CVE-2026-29200 is a critical IDOR in Comet Backup affecting versions 20.11.0 through 26.1.1 and 26.2.1. A tenant administrator can impersonate any end-user account of other tenants on the same server via a vulnerable API call. The CVSS score is 9.9 (CRITICAL) with network attack vector, ...

Ollama 缓冲区错误漏洞

Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...

Astra Linux - уязвимость в firefox

Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1...

CVE-2026-40951

CVE-2026-40951 is a memory corruption vulnerability affecting Secure Access Windows clients prior to version 14.50. According to the description, adversaries with local control of the Windows client can send malformed data to an API, triggering a denial of service. The CVE notes a local attack ve...

CVE-2026-40951

CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service...

EUVD-2026-26431

CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service...

Forced Browsing

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Forced Browsing via the account and account-api features when the server is started with...

MAL-2026-3176 Malicious code in @cap-js/db-service (npm)

Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...

CDAC e-Sushrut 安全漏洞

CDAC e-Sushrut is a system platform provided by the Indian CDAC company that facilitates hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut, which stems from improper access control during resource access verification. This vulnerabili...

CDAC e-Sushrut 安全漏洞

CDAC e-Sushrut is a system platform provided by the Indian CDAC company that facilitates hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut, which stems from plaintext exposure of OTPs in API responses. This vulnerability could allow...

CVE-2026-6706

Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. This issue affects Server: from 2026.1.6.0 through 2026.1.14.0, through 2025.3.18.0...

CVE-2026-6706

CVE-2026-6706 involves an improper access control flaw in the vault documentation feature of Devolutions Server up to 2026.1.14.0. An authenticated attacker can read documentation content from unauthorized vaults via a crafted API request. Affected component: vault documentation feature; root cau...