CVE-2026-34455

Hi.Events is affected by an SQL injection in which multiple repository classes pass the user-supplied sort_by parameter directly to Eloquent's orderBy() without validation (affecting versions 0.8.0-beta.1 up to before 1.7.1-beta). The underlying issue is the lack of input validation for sort_by, ...

CVE-2026-20041

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

CVE-2026-33580

OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeatedly attempting...

CVE-2026-34361

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith...

CVE-2026-34202

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

CVE-2026-34159 llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

CVE-2026-5310 Enter Software Iperius Backup IperiusAccounts.ini hard-coded key

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...

CVE-2026-5310

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...

CVE-2026-20041 Cisco Nexus Dashboard Server Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

CVE-2026-20041

The CVE-2026-20041 entry concerns Cisco Nexus Dashboard and Nexus Dashboard Insights with a server-side request forgery (SSRF) vulnerability due to improper input validation in specific HTTP requests. The flaw could allow an attacker to persuade an authenticated user of the device management inte...

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

The Computer Emergency Response Team of Ukraine CERT-UA has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors, tracked as UAC-0255 , sent...

Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller IMC could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. For more information about these vulnerabilities, see the Details "details"...

EUVD-2026-17883

A reflected cross-site scripting XSS vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...

EUVD-2026-17909

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

CVE-2026-5195

A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to urllib3

Summary The urllib3 library is used by IBM Cloud Pak for Data System 1.0 to provide HTTP client functionality for Python applications. Multiple vulnerabilities affect urllib3. CVE-2025-66418 involves allocation of resources without limits or throttling. CVE-2025-66471 and CVE-2026-21441 both rela...

Defending Encryption in the Post Quantum Era

Post-quantum cryptography explained, risks of quantum attacks, and steps to secure data, systems, and infrastructure for a quantum-resilient…...

EUVD-2026-17849

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit i...

CVE-2026-5259 AutohomeCorp frostmourne Alarm Preview AlarmController.java server-side request forgery

A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to...

EUVD-2026-17797

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...