Sensitive Information Disclosure

Spring Security is vulnerable to Sensitive Information Disclosure. The vulnerability is due to bypass of timing attack protections in DaoAuthenticationProvider when handling disabled, expired, or locked user states, which allows an attacker to infer user account status through response timing...

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

SUSE CVE-2005-4887

NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords...

SUSE CVE-2026-7340

Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

Attention Is Where You Attack

Safety-aligned large language models rely on RLHF and instruction tuning to refuse harmful requests, yet the internal mechanisms implementing safety behavior remain poorly understood. We introduce the Attention Redistribution Attack ARA, a white-box adversarial attack that identifies...

Joern 4.0.530

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

CVE-2026-36765

An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

Important: dotnet9.0

Issue Overview: Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26171 Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. CVE-2026-32178 Stack-based buffer overfl...

Traefik 安全漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2 contain security vulnerabilities. These vulnerabilities stem from variables used in the BasicAuth middleware for constant-time comparisons, which are...

PT-2026-36258

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...

Amazon Linux 2 : dovecot, --advisory ALAS2-2026-3252 (ALAS-2026-3252)

The version of dovecot installed on the remote host is prior to 2.2.36-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3252 advisory. Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can us...

Low: librsvg2

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

CVE-2026-36959

Summary: CVE-2026-36959 affects the U-SPEED N300 router (V1.0.0). The vulnerability arises from the /api/login endpoint lacking rate limiting and account lockout protections, enabling unlimited authentication attempts from a local network. This can facilitate brute-force attacks against the admin...

Benefits of Breach and Attack Simulation in Vulnerability Management

Vulnerability management teams face an overwhelming challenge: tens of thousands of CVEs published annually, limited remediation capacity, and no reliable way to separate genuine threats from background noise. Traditional approaches rely on CVSS scores and scanner output, but these methods lack t...

EUVD-2026-26298

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the...

CVE-2026-7417

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...

Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest

Summary The SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the registered ACS URL smcacsurl stored in the database for the...

CVE-2026-7417

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...

GHSA-3JMQ-QHG3-F58J mcpo-simple-server has a Path Traversal issue

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to the lack of validation for the nonce parameter in the authentication process. An attacker can gain unauthorized access by replaying a previously obtained valid ID token, allowing...