Improper Verification of Cryptographic Signature
Overview lightrag-hku is a LightRAG: Simple and Fast Retrieval-Augmented Generation Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the validatetoken function. An attacker can gain unauthorized access to protected resources by crafting a JWT...
EUVD-2026-19878
WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php...
GHSA-MMW7-WQ3C-WF9P WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php
Summary The PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions. The newer ipnV2.php and webhook.php handlers correctly deduplicate...
Timing Attack
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Timing Attack via the login endpoint. An attacker can determine whether a username or email exists in the database by...
EUVD-2026-19818
Parse Server has a login timing side-channel that reveals user existence...
PT-2026-31057
The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in all versions up to, and including, 3.35.5 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-30080
OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. The configuration supports the integrity algorithms NIA1 and NIA2, but if a UE sends an initial registration request advertising only the security capability IA0, OpenAirInterface accepts it and proceeds. This downgrade security context c...
PT-2026-31326
Name of the Vulnerable Software and Affected Versions OpenAirInterface version 2.2.0 Description OpenAirInterface version 2.2.0 allows Security Mode Complete without integrity protection. Despite supporting integrity protection configurations NIA1 and NIA2, the system accepts initial registration...
PT-2026-31503
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description Insufficient validation of untrusted input in WebML could allow a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The security...
Broken Quantum: A Systematic Formal Verification Study of Security Vulnerabilities across the Open-Source Quantum Computing Simulator Ecosystem
Quantum computing simulators form the classical software foundation on which virtually all quantum algorithm research depends. We present Broken Quantum, the first comprehensive formal security audit of the open-source quantum computing simulator ecosystem. Applying COBALT QAI -- a four-module...
Beyond Single Reports: Evaluating Automated ATT&CK Technique Extraction in Multi-Report Campaign Settings
Large-scale cyberattacks, referred to as campaigns, are documented across multiple CTI reports from diverse sources, with some providing a high-level overview of attack techniques and others providing technical details. Extracting attack techniques from reports is essential for organizations to...
Juniper Junos OS Vulnerability (JSA100056)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100056 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge t...
Juniper Junos OS Vulnerability (JSA106019)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA106019 advisory. - An Incorrect Synchronization vulnerability in the management daemon mgd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low...
PT-2026-31422
Use of Default Cryptographic Key in the hardware for some Intel® Pentium® Processor Silver Series, Intel® Celeron® Processor J Series, Intel® Celeron® Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user combined with a high complexit...
CVE-2026-30080
OpenAirInterface v2.2.0 is affected: the system accepts Security Mode Complete without integrity protection, downgrading from supported integrity configurations (NIA1/NIA2) to a capability IA0 during initial registration. This can enable replay attacks. Red Hat ENISA/NVD entries corroborate the d...
WordPress plugin Download Monitor SQL Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-31392
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...
OpenClaw has an unspecified vulnerability (CNVD-2026-16699)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to rebind the tool root path between validation and final write...
PT-2026-31346
Name of the Vulnerable Software and Affected Versions Logstash affected versions not specified Description Logstash is susceptible to a flaw where improper validation of file paths within compressed archives can lead to arbitrary file write and potential remote code execution through Relative Pat...