CVE-2026-21902 Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be...

CVE-2026-3193 Chia Blockchain send_transaction cross-site request forgery

A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /sendtransaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered...

CVE-2026-20036 Cisco UCS Manager Software Command Injection Vulnerability

A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to...

CVE-2026-22866

The CVE-2026-22866 entry describes a Bleichenbacher-style RSA signature forgery flaw in Ethereum Name Service (ENS) DNSSEC tooling. In ENS v1.6.2 and earlier, RSASHA256Algorithm and RSASHA1Algorithm do not validate PKCS#1 v1.5 padding correctly and only compare the trailing 32 (or 20) bytes of th...

EUVD-2026-8637

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case...

UBUNTU-CVE-2026-21725

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

CVE-2026-21725

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

Security update 5.1.2 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Backported security patches for Salt vendored tornado: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header paramete...

Time-of-Check-Time-of-Use (TOCTOU) Race Condition

filelock is vulnerable to a Time-of-Check-Time-of-Use TOCTOU race condition. The vulnerability is due to improper file existence checking before opening lock files with truncation, which allows an attacker to exploit a symlink race and corrupt or truncate arbitrary files...

EUVD-2026-8518

A vulnerability was identified in Tenda F453 1.0.0.3. The affected element is the function fromRouteStatic of the file /goform/RouteStatic of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly availabl...

SUSE-SU-2026:0623-1 Security update for python-tornado

This update for python-tornado fixes the following issues: - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values bsc1254905. - CVE-2025-67726: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254904...

CVE-2026-3171

CVE-2026-3171 affects SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown functionality in the file /queue.php where manipulation of the firstname/lastname argument enables cross-site scripting. The flaw can be exploited remotely; the exploit has...

Exploit for Improper Validation of Integrity Check Value in Openbsd Openssh

Terrapin Attack - Manual Exploitation Lab CVE-2023-48795...

CVE-2026-3168

A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been ma...

CVE-2026-3167 Tenda F453 httpd webtypelibrary formWebTypeLibrary buffer overflow

A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The...

EUVD-2026-8618

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /signup.php. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...

CVE-2026-3152

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacherid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function filegetcontents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...