CVE-2026-23810 Cross-BSSID GTK Re-encryption and Traffic Injection

A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point AP to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key GTK associated with the victim's BSSID...

Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability

A vulnerability in the web interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due ...

RUSTSEC-2026-0032 `dnp3times` was removed from crates.io due to malicious code

The dnp3times crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. It was loosely trying to typosquat the dnp3time crate, but otherwise was the same attack as the timecalibrator and timecalibrators malware yesterday. The malicious...

EUVD-2026-9372

International Datacasting Corporation IDC SFX2100 Satellite Receiver, trivial password for the user usr account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a...

UBUNTU-CVE-2026-27446

Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...

CVE-2026-29120 Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

CVE-2026-29120 Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

CVE-2026-29120

Technical details beyond what’s in the Initial Description are not publicly provided in the connected documents. Monitor for updates to the CVE-2026-29120 entry as new disclosures may clarify affected components, impact, or remediation.

CVE-2026-1874

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allo...

curl: LM Challenge-Response Hash Always Sent in SMB Authentication

LM Challenge-Response Hash Always Sent in SMB Authentication Summary The curl SMB client unconditionally computes and sends both the legacy LAN Manager LM and NT challenge-response hashes during SMB session setup. The LM hash is cryptographically broken — it splits the password into two 7-charact...

CVE-2021-35486

A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

CVE-2025-48613

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48634

In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0007

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-9339

A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument coursecode results in sql injection. The attack can be initiated remotely. The exploit has been made...

PT-2026-23024

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenize...

PT-2026-22968

Name of the Vulnerable Software and Affected Versions Cisco Snort 3 Detection Engine affected versions not specified Description A flaw exists in the Snort 3 Detection Engine that may allow a remote, unauthenticated attacker to disrupt packet inspection. This is caused by the incomplete parsing o...

PT-2026-23026

Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete error checking...

CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts

Log data are essential for intrusion detection and forensic investigations. However, manual log analysis is tedious due to high data volumes, heterogeneous event formats, and unstructured messages. Even though many automated methods for log analysis exist, they usually still rely on domain-specif...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from defects in the data packet processing logic, which...