CVE-2026-47357

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...

IWCC 2026 Call for Papers

The 15th International Workshop on Cyber Crime, or IWCC, 2026 call for papers has been announced. It will be held this year in conjunction with the International Conference on Availability, Reliability and Security ARES 2026 in Link�ping, Sweden, August 24th through the 27th, 2026...

Description of the security update for SharePoint Server 2019 Language Pack: April 14, 2026 (KB5002856)

Description of the security update for SharePoint Server 2019 Language Pack: April 14, 2026 KB5002856 Summary Important: If you're running 2013-type workflows, you mustinstall the August 2025 update for SharePoint Workflow Manager​​​​​​​to your farm before you install this cumulative update. If...

EUVD-2023-60535

Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind.PriorityLevel,AppCode.ashx?method=GetStoreWarehouseByStore...

Description of the security update for SharePoint Server 2019 Language Pack: January 13, 2026 (KB5002823)

Description of the security update for SharePoint Server 2019 Language Pack: January 13, 2026 KB5002823 Summary Important: If you're running 2013-type workflows, you mustinstall the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update.​​​​​​​ I...

Database of 323,986 BreachForums Users Leaked as Admin Disputes Scope

Database of 323,986 BreachForums users leaked online as forum admins claim the exposed data is partial and dates back to August 2025...

CVE-2023-40711

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service out-of-memory abort via crafted packet data, as exploited in the wild in August 2023...

CVE-2022-38165

Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server...

CVE-2017-18655

An issue was discovered on Samsung mobile devices with M6.0 and N7.x software. There is a stack-based buffer overflow with resultant memory corruption in a trustlet. The Samsung IDs are SVE-2017-8889, SVE-2017-8891, and SVE-2017-8892 August 2017...

CVE-2020-7486

VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this...

CVE-2025-23785

Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album ai-responsive-gallery-album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through = 1.4...

CVE-2022-33729

Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device...

CVE-2022-33721

A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege...

CVE-2025-13427

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...

CVE-2025-13427 Authentication Bypass in Dialogflow CX Messenger

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...

CVE-2025-13427

CVE-2025-13427 concerns an authentication bypass in Google Cloud Dialogflow CX Messenger. The vulnerability allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents’ knowledge and the ability to trigger their intents by manipulating initialization parame...

Description of the security update for SharePoint Server 2019 Language Pack: December 9, 2025 (KB5002802)

Description of the security update for SharePoint Server 2019 Language Pack: December 9, 2025 KB5002802 Summary Important: If you're running 2013-type workflows, you mustinstall the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update.​​​​​​​ I...

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

VulnCheck KEV: CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...