CVE-2026-6873

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVE-2026-9516

A flaw was found in Cpanel::JSON::XS, a Perl module used for processing JSON data. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted input that begins with a UTF-8 Byte Order Mark BOM. When a decode filter callback encounters an error with...

CVE-2026-35083

A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root...

CVE-2026-35078

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

CVE-2026-0036

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Jeecg-boot 3.5.0 qurestSql - SQL Injection

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. id: CVE-2023-1454 info: name: Jeecg-boot 3.5...

D-Link Network Attached Storage - Command Injection and Backdoor Account

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

CVE-2026-10705

A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

EUVD-2026-34064

A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

CVE-2026-10705

CVE-2026-10705 affects dask up to 3.0, specifically the nunique_approx function in dask/dataframe/hyperloglog.py (HLL Handler). The flaw enables resource consumption and is exploitable remotely; attack complexity is reported as high. A fix is pending review (pull request awaiting acceptance). The...

EUVD-2026-34057

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

PT-2026-46072

Name of the Vulnerable Software and Affected Versions gradio-app gradio version 6.14.0 Description A security flaw exists in the Audio Cache Key Handler component. Specifically, the save audio to cache function uses a weak hash, which can be manipulated. This issue requires a local position for...

From Attack Simulation to SIEM Rule: Deterministic Detection-As-Code Synthesis with Probe-Level Traceability

Security teams routinely simulate attacks against their own systems to check whether their monitoring would catch a real intruder. These Breach-and-Attack-Simulation BAS tools surface findings, but the security information and event management SIEM systems that watch production need detection rul...

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

PT-2026-46105

Impact The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling: - XML External Entity XXE attacks to read local files or cause denial of service - Decompression bombs zip bombs to exhaust memory and disk space - Unbounded archive extraction...

CRESS: Quantifying Vulnerabilities of Attack Scenarios in Hardware Reverse Engineering

The safety, security, and reliability of microelectronic systems depend on a trustworthy, secured supply chain and design flow. Globally distributed supply chains or unintentional design weaknesses leave the door open for attacks on the hardware level. These scenarios encompass counterfeiting,...

PT-2026-46056

Name of the Vulnerable Software and Affected Versions mlrun versions prior to 1.12.0-rc3 Description The DataFrame Hash Handler component contains an issue in the calculate dataframe hash function within the mlrun/utils/helpers.py file. This allows for the use of a weak hash, which can be...

CVE-2026-36607

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint code=10, which lacks the rate limiting applied to the login endpoint code=7. An attacker on the adjacent network can attempt unlimited passwords without...

PT-2026-45992

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

Linux Distros Unpatched Vulnerability : CVE-2026-3276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating...