38300 matches found

CNNVD
added 2026/03/10 12:0 a.m. | 2 views

Intel Processors Input Validation Error Vulnerability

Intel Processors are a series of processors developed by the American company Intel. Intel Processors have a vulnerability related to input validation, which arises from improper input validation and may lead to privilege escalation. System software attackers with privileged access can potentiall...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00012
Exploits: 0 | References: 1

CNNVD
added 2026/03/10 12:0 a.m. | 3 views

Microsoft Windows App Installer Data Forgery Vulnerability

The Microsoft Windows App Installer is a tool provided by Microsoft Corporation for use with the Windows 10 and Windows 11 operating systems. It allows users to easily install applications by double-clicking .msix or .msixbundle files. This tool supports installation from websites, optional...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00027
Exploits: 0 | References: 1

Packet Storm News
added 2026/03/09 12:0 a.m. | 1 views

SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction

Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...

AI score: 5.8
Exploits: 0

Packet Storm News
added 2026/03/09 12:0 a.m. | 0 views

Towards Modeling Cybersecurity Behavior of Humans in Organizations

We undertake a comprehensive and structured synthesis of the drivers of human behavior in cybersecurity, focusing specifically on people within organizations i.e., especially employees in companies, and integrate key concepts such as awareness, security culture, and usability into a coherent...

AI score: 5.8
Exploits: 0

CNNVD
added 2026/03/09 12:0 a.m. | 2 views

JFlow Security Vulnerability

JFlow is a low-code BPM development platform open-sourced by Jinan Chicheng opencc in China. JFlow has a security vulnerability, which stems from incorrect operations on the function Calculate in the file src/main/java/bp/wf/httphandler/WFCCForm.java, potentially leading to injection attacks...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00053
Exploits: 1 | References: 5

Packet Storm News
added 2026/03/08 12:0 a.m. | 0 views

Post-Quantum Federated Learning: Secure and Scalable Threat Intelligence for Collaborative Cyber Defense

Collaborative threat intelligence via federated learning (FL) faces critical risks from quantum computing, which can compromise classical encryption methods. This study proposes a quantum-secure FL framework using post-quantum cryptography (PQC) to protect cross-organizational data sharing. We expose...

AI score: 5.8
Exploits: 0

CVE
added 2026/03/07 4:31 p.m. | 6 views

CVE-2026-30855

WeKnora exposes a broken access control in its tenant management endpoints, enabling any authenticated user to read, modify, or delete tenants by ID without ownership checks. The policy bypass affects endpoints like GET /api/v1/tenants, GET /api/v1/tenants/{id}, PUT /api/v1/tenants/{id}, and DELE...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.00171
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/03/07 7:59 a.m. | 3 views

CVE-2026-28801

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00025
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/07 1:44 a.m. | 3 views

CVE-2026-28475

OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00103
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/07 1:44 a.m. | 2 views

CVE-2026-28464

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00202
Exploits: 0 | References: 1

CNNVD
added 2026/03/07 12:0 a.m. | 4 views

Parse Server Security Vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server from 9.3.1-alpha.3 to 9.5.0-alpha.10. These vulnerabilities stemmed from a bypass of interception...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00019
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/06 7:45 p.m. | 3 views

CVE-2026-30796

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Address book sync API modules allows Sniffing Attacks. This vulnerability is associated with program files Closed source — API endpoint handling...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00024
Exploits: 1 | References: 1

CNNVD
added 2026/03/06 12:0 a.m. | 4 views

Everon Security Vulnerability

Everon is an electric vehicle charging station system developed by Everon Corporation. There is a security vulnerability in Everon’s system. This vulnerability stems from the lack of a limit on the number of authentication requests made through the WebSocket API, which can lead to denial-of-servi...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00087
Exploits: 0 | References: 2

Amazon
added 2026/03/06 12:0 a.m. | 6 views

Medium: qt5-qt3d

Issue Overview: A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.0012
Exploits: 2

CNNVD
added 2026/03/06 12:0 a.m. | 2 views

Mobiliti Security Vulnerability

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security vulnerability, which stems from the lack of a limit on the number of authentication requests made through the WebSocket API. This vulnerability could lead to...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00093
Exploits: 0 | References: 3

CNNVD
added 2026/03/06 12:0 a.m. | 3 views

OneUptime Security Vulnerability

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime 10.0.11 and earlier contain security vulnerabilities. These vulnerabilities stem from the WebAuthn authentication implementation, which does not...

CVSS: 9 | AI score: 5.8 | EPSS: 0.00066
Exploits: 1 | References: 1

CNNVD
added 2026/03/06 12:0 a.m. | 4 views

ePower Security Vulnerability

ePower is an electric vehicle charging station system owned by the Irish company ePower. ePower has a security vulnerability, which stems from the lack of a limit on the number of authentication requests. This vulnerability could lead to denial-of-service attacks or brute-force attacks...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00029
Exploits: 1 | References: 3

NVD
added 2026/03/05 10:16 p.m. | 4 views

CVE-2026-28479

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

CVSS: 9.1 | EPSS: 0.00019
Exploits: 0 | References: 3

OSV
added 2026/03/05 10:16 p.m. | 2 views

CVE-2026-28479

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

CVSS: 9.1 | AI score: 5.7
Exploits: 0 | References: 3

HackRead
added 2026/03/05 10:13 p.m. | 3 views

The Hidden Cyber Risks of Remote Work Infrastructure

Hidden cyber risks in remote work include insecure home Wi-Fi, phishing attacks, and data exposure, leaving businesses and employees vulnerable to breaches...

AI score: 6
Exploits: 0