Microsoft Outlook Information Disclosure Vulnerability (CNVD-2026-12557)

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Outlook. The vulnerability stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to conduc...

Exploiting PendingIntent Provenance Confusion to Spoof Android SDK Authentication

A single authentication bypass in a partner SDK grants attackers the identity of every partner in the ecosystem -- and millions of apps use SDKs with exactly this vulnerability. OWASP's 2024 Mobile Top 10 ranks Inadequate Supply Chain Security as the second most critical mobile risk, explicitly...

JeeSite 代码问题漏洞

JeeSite is a Java rapid development platform open-sourced by Jinan Zhuoyuan thinkgem. Versions of JeeSite 5.15.1 and earlier have code vulnerabilities. These vulnerabilities stem from operations on the component in the file /com/jeesite/common/shiro/cas/CasOutHandler.java, which may lead to XML...

Extending the Formalism and Theoretical Foundations of Cryptography to AI

Recent progress in Large Language Models LMs has enabled the development of autonomous LM-based agents capable of executing complex tasks with minimal supervision. These agents have started to be integrated into systems with significant autonomy and authority. The security community has been...

PT-2026-22541

Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0 Description A weakness exists in an unknown functionality of the file /admin/check studid.php. Manipulation of the student id argument can lead to SQL injection. The attack can be launched...

PT-2026-22523

A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the...

PT-2026-23000

Name of the Vulnerable Software and Affected Versions orpc versions prior to 1.13.6 @orpc/client versions prior to 1.13.6 Description A critical prototype pollution issue exists in the RPC JSON deserializer of the @orpc/client package. This allows unauthenticated, remote attackers to inject...

CVE-2026-3399 Tenda F453 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow

A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is...

CVE-2026-3398

A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The exploit has been...

5 Best Kenna Replacement Options to Consider

Attackers don't think in terms of isolated CVE scores. They look for the path of least resistance, chaining together multiple weaknesses across your entire attack surface to reach their goal. This is why the search for a Kenna replacement is so critical. It’s not just about finding a new tool to...

A Practical Guide to Prioritize Cyber Risk

You have firewalls, endpoint detection, and countless other security controls in place, but how do you know they’ll work when an actual attack happens? Guesswork isn't a strategy. Breach and Attack Simulation BAS helps answer this question by safely testing your defenses against real-world attack...

CVE-2026-3393 jarikomppa soloud Audio File soloud_wav.cpp loadflac heap-based overflow

A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloudwav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be...

CVE-2026-3393 jarikomppa soloud Audio File soloud_wav.cpp loadflac heap-based overflow

A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloudwav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be...

CVE-2026-3389

A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstdrexnewnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and m...

CVE-2026-3388

A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...

CVE-2026-3386

A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wrencompiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The...

CVE-2026-3386

A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wrencompiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The...

CVE-2026-3386

A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wrencompiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The...

EUVD-2026-9121

A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wrencompiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The...

EUVD-2026-9120

A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wrencompiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the...