38653 matches found
JesterSploit
JesterSploit – Advanced WiFi Penetration Testing Framework !...
CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login
Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...
How Microsoft Defender protects high-value assets in real-world attack scenarios
High-value assets including domain controllers, web servers, and identity infrastructure are frequent...
CVE-2026-3109
Mattermost Plugins versions =11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584...
CVE-2025-55272
HCL Aftermarket DPC is affected by a Banner Disclosure vulnerability, where attackers gain insights into the system's software and version details, which would allow them to craft software-specific attacks...
CVE-2025-55265
HCL Aftermarket DPC is affected by File Discovery, which an attacker could exploit to read sensitive files present in the system and may use to craft further attacks...
The Telnyx PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...
The Telnyx SDK on PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...
ALPINE-CVE-2025-59028
When invalid base64 SASL data is sent, the login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
Origin Validation Error
Overview: Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Undertow Environment Issue Vulnerability
Undertow is a web server provided by the Undertow company in the United States. Undertow has an environmental issue vulnerability, which stems from the ability of remote attackers to construct specially crafted requests that lead to header parsing discrepancies, potentially allowing for request...
LibreChat Code Issue Vulnerability
LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Versions of LibreChat from 0.8.2-rc2 to 0.8.2 contain code vulnerabilities. These vulnerabilities stem from...
Open-Xchange OX Dovecot Pro Security Vulnerability
Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability; this vulnerability stems from direct comparison in credential verification and makes it vulnerable to timing attacks, whi...
Cocos AI Access Control Error Vulnerability
Cocos AI is an AI security computing platform based on a trusted execution environment, open-sourced by Ultraviolet. Cocos AI versions 0.8.2 and earlier contain an access control vulnerability. This vulnerability stems from a proven TLS design that has weaknesses in relay attacks, allowing...
Undertow Environment Issue Vulnerability
Undertow is a web server provided by the Undertow company in the United States. Undertow has an environmental issue vulnerability, which stems from the ability of remote attackers to send specific header block terminators, potentially leading to request payload attacks...
Ubuntu 24.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8125-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8125-1 advisory. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these...
ROS-20260327-73-0002
Vulnerability in busybox related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks...
EUVD-2026-16236
Mattermost Plugins versions =11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584...