CVE-2026-23726
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and...
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. In addition, the group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич)...
CVE-2026-23726 WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=listarTodos, nomeClasse=TipoEntradaControle)
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and...
Agentic Browser Security: 2025 Year-End Review
Are agentic browsers the new Flash? A 2025 review of new attacks, vendor security layers, and a roadmap for navigating AI browser risks...
What is Breach and Attack Simulation (BAS)? A Guide
If you’re on a vulnerability management team, you’re likely drowning in a sea of CVEs. Your scanners produce massive lists of potential weaknesses, but with limited time and resources, which ones do you fix first? A high CVSS score doesn't always translate to real-world risk. You need context to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004029)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004029 advisory. An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to sen...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003848)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003848 advisory. kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of...
WeGIA input validation error vulnerability
WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter, which could lead to...
MiracleLinux 4 : openssl-1.0.0-27.AXS4.2 (AXSA:2013-168:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-168:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...
MiracleLinux 4 : hplip-3.12.4-4.AXS4 (AXSA:2013-130:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-130:01 advisory. The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. Security issues fixed with th...
MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.41-1.13.13.1.AXS4 (AXSA:2017-1237:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1237:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-5542 Unspecified vulnerability in Oracle Java SE 6u121, 7u111,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001557)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001557 advisory. An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error with a resultant integer underflow affecting out-of-bounds...
CVE-2026-1008
A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...
CVE-2025-68671
lakeFS - S3 gateway vulnerability: missing timestamp validation in authenticated requests allows replay attacks. Attackers can reuse valid signed requests until credentials rotate; impact is limited to replay of previously captured requests. Affected: lakeFS S3 gateway; root cause is lack of time...
CVE-2025-68671 lakeFS is Missing Timestamp Validation in S3 Gateway Authentication
lakeFS is an open-source tool that transforms object storage into Git-like repositories. lakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request (e.g., through network interception, logs...
CVE-2026-1008 Stored Cross-Site Scripting in Altium Live User Profile Fields
A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...
lakeFS is Missing Timestamp Validation in S3 Gateway Authentication
Impact: lakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. An attacker who captures a valid signed request (e.g., through network interception, logs, or compromised systems) can replay that request until credentials are rotated, even after the reques...