CVE-2026-2564
A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly...
CVE-2025-33101
IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory...
CVE-2026-2620 Huace Monitoring and Early Warning System ProjectRole.aspx SQL injection
A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. T...
CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...
Tenable vs. Hive Pro: Key Differences Explained
If your security team is drowning in a sea of vulnerability alerts and struggling to make sense of multiple risk scores, you know that more data doesn't always mean more clarity. “The right threat exposure management platform should cut through the noise, not add to it.” When evaluating your...
Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report
API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure. In 2025, the picture changed. Wallarm’s 2026 API ThreatStats Report revealed that APIs are now the primary attack surface fo...
Side-Channel Attacks Against LLMs
Here are three papers describing different side-channel attacks against LLMs. "Remote Timing Attacks on Efficient Language Model Inference": Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive...
SUSE-SU-2026:20452-1 Security update for crun
This update for crun fixes the following issues: - CVE-2025-24965: .krunconfig.json symlink attack creates or overwrites file on the host bsc1237421...
CVE-2026-2537
A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remotely...
CVE-2026-2538
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The...
CVE-2026-2592
The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5.0.16. This is due to the payment callback handler 'ReturnfromZarinPalGateway' failing to validate that the authority token provided in...
CVE-2026-2592 Zarinpal Gateway for WooCommerce <= 5.0.16 - Improper Access Control to Payment Status Update
The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5.0.16. This is due to the payment callback handler 'ReturnfromZarinPalGateway' failing to validate that the authority token provided in...
freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a use-after-free vulnerability by enticing a client to connect to it. This can lead to a client-side crash, resulting in a Denial of Service (DoS), and potentially allow for arbitrary...
VulnCheck KEV: CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...
PT-2026-20235
Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX, and Windows transmits data over a cleartext communication channel. This could allow an attacker to intercept sensitive information...
Blossom Path Traversal Vulnerability
Blossom is a project management platform developed by Blossom Inc. Versions of Blossom prior to 1.17.1 contained a path traversal vulnerability. This vulnerability stemmed from improper path handling in the file upload component, which could lead to path traversal attacks...
WordPress plugin RSS Aggregator Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
From Tool Orchestration to Code Execution: A Study of MCP Design Choices
Model Context Protocols (MCPs) provide a unified platform for agent systems to discover, select, and orchestrate tools across heterogeneous execution environments. As MCP-based systems scale to incorporate larger tool catalogs and multiple concurrently connected MCP servers, traditional tool-by-too...
Tenable Security Center Security Vulnerability
Tenable Security Center is a security center provided by the American company Tenable. There are security vulnerabilities present in Tenable Security Center, and these vulnerabilities stem from remote attacks by authenticated attackers, which allow them to execute arbitrary code...