PT-2026-21963

Name of the Vulnerable Software and Affected Versions Chia Blockchain version 2.1.0 Description A cross-site request forgery condition exists in Chia Blockchain version 2.1.0. The issue is related to an unknown function within the /send transaction file. The attack can be performed remotely and...

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the synccourserunfromrequest function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

Richie 安全漏洞

Richie is an open-source educational content management system developed by France Université Numérique. Richie has a security vulnerability. This vulnerability stems from the use of the non-constant time == operator in the synccourserunfromrequest function for HMAC signature verification. This...

CVE-2026-3134 itsourcecode News Portal Project edit-category.php sql injection

A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in sql injection. The attack may be performed from remote. The exploit has be...

CVE-2026-3015

A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclose...

CVE-2026-24443

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

CVE-2026-23858

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection...

CVE-2026-24443

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...

CVE-2026-22765

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges...

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence AI-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patche...

CVE-2024-48928

Piwigo CVE-2024-48928 affects 14.x branch installations where secret_key is set to MD5(RAND()) in MySQL. RAND() offers about 30 bits of entropy, making brute-forcing feasible within roughly an hour. The CSRF token partially derives from the secret_key, allowing verification of a brute-force attem...

CVE-2026-27521

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials...

CVE-2025-13776

CVE-2025-13776 concerns multiple Finka programs that use hard-coded Firebird database credentials shared across all instances. The vulnerability allows a local-network attacker who knows the default credentials to read and edit database content. Affected products and upgraded releases are: Finka-...

GHSA-GM37-QX7W-P258 ImageMagick: Possible memory leak in ASHLAR encoder

A memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. ==880062== Memcheck, a memory error detector ==880062== Copyright C 2002-2017, and GNU GPL'd, by Julian Seward et al...

Integrating Advanced API Security with Imperva Gateway Environment

As APIs power the majority of modern web applications, implementing robust API security is no longer optional - it’s a critical necessity for data protection. This guide explores how to seamlessly integrate API gateway security into your Imperva on-premises environment to mitigate OWASP Top 10...

CVE-2026-2974

A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...

CVE-2026-2976

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...

CVE-2025-15589

A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence AI companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with...