OpenBao 安全漏洞

OpenBao is an open-source sensitive data management software developed by OpenBao. Versions of OpenBao prior to 2.5.3 contained security vulnerabilities. These vulnerabilities stemmed from the ExtractPluginFromImage function in the OCI plugin downloader, which did not limit the number of bytes...

WordPress plugin Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Issues...

PT-2026-34015

Name of the Vulnerable Software and Affected Versions Bamboo Data Center versions 9.6.0 through 9.6.24 Bamboo Data Center versions 10.0.0 through 10.2.17 Bamboo Data Center versions 11.0.0 through 12.1.5 Description An OS Command Injection issue allows an authenticated attacker to achieve Remote...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

CVE-2026-40372

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

PT-2026-33922

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...

PT-2026-33926

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

PT-2026-34137

Name of the Vulnerable Software and Affected Versions Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7 and 8.1.2.5 Description An issue in the Platform component allows a low privileged attacker with network access via HTTP to compromise the system...

PT-2026-34213

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description A server-side request forgery SSRF allows an attacker to extract sensitive environment variables from an instance via a timing side-channel attack against the notebook rendering...

mailcow: dockerized 安全漏洞

mailcow: dockerized is a dockerized version of the mailcow open-source application. Versions of mailcow before dockerized 2026-03b contained security vulnerabilities. These vulnerabilities stemmed from the lack of HTML encoding for client IP addresses in the user dashboard login history, and the...

Oracle MySQL Server 安全漏洞

Oracle MySQL Server is an open source relational database management system for storing, managing and retrieving data. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: Optimizer component to properly handle a specific request a...

Oracle MySQL Server 安全漏洞

Oracle MySQL Server is a relational database management system developed by Oracle Corporation. There is a security vulnerability in Oracle MySQL Server, which stems from issues with the Server: Group Replication Plugin component. This vulnerability may allow attackers with low privileges to acce...

PT-2026-34128

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.0 through 8.0.45 MySQL Server versions 8.4.0 through 8.4.8 MySQL Server versions 9.0.0 through 9.6.0 Description An issue in the InnoDB component of MySQL Server allows a high privileged attacker with network access v...

Cyber Defense Benchmark: Agentic Threat Hunting Evaluation for LLMs in SecOps

We introduce the Cyber Defense Benchmark, a benchmark for measuring how well large language model LLM agents perform the core SOC analyst task of threat hunting: given a database of raw Windows event logs with no guided questions or hints, identify the exact timestamps of malicious events. The...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010730)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010730 advisory. A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver...

Security update for ovmf (moderate)

openSUSE security update: security update for ovmf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20499-1 Rating: moderate References: bsc1252441 Cross-References: CVE-2025-59438 CVSS scores: CVE-2025-59438 SUSE : 5.5...

SUSE CVE-2026-34232

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdrstatusvector function does not handle the iscargcstring type when decoding an opresponse packet, causing a server crash when one is encountered in the status vector. An...

CVE-2026-5721

The wpDataTables WordPress plugin is affected by a stored cross-site scripting (XSS) vulnerability in all versions up to 6.5.0.4. The root cause is insufficient input sanitization and output escaping in prepareCellOutput() for the LinkWDTColumn, ImageWDTColumn, and EmailWDTColumn classes. The vul...

CVE-2026-34403

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens...