464 matches found
CVE-2026-11943
CVE-2026-11943 affects Akaunting 3.1.21 and is an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name, which can be reflected in the UI. The CVSS4 vector ...
EUVD-2026-38270
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...
CVE-2026-11943 Akaunting 3.1.21 - Authenticated stored XSS in document timeline
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...
sbom-risk-analyzer
SBOM-Risk-Analyzer Exploitability-weighted vulnerability pri...
Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick
US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's most powerful surveillance tools...
Meta’s face-recognition code raises new concerns about smart glasses
Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,” into its Meta AI companion app, which powers the company’s smart glasses. The code was not...
Bill to Create Independent US Cyber Force Wants to Place It Under the US Army
It looks like we're finally making progress towards an independent US Cyber Force: https://www.csis.org/programs/strategic-technologies-program/projects/commission-us-cyber-force-generation However, this bill by Sen Gillibrand to put it under the Army isn't the best idea...
Poking around in the Dark: Why a Shared Understanding of Components Matters
By listing the components included in an application, Software Bills of Materials SBOMs are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...
S3C2 Summit 2025-07: Government Secure Supply Chain Summit
Software supply chains, while providing immense economic and software development value, are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks specifically targeting vulnerable links in critical software supply chains. The...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: cerbos, crossplane, flux, apko, gomplate, grype, argocd-image-updater, kaniko, argo-workflows, argo-cd, kargo, bom, pulumi-kubernetes-operator, trivy-operator, gitea, wolfictl, syft, kubescape, grafana, gptscript, pulumi, external-secrets-operator, nfpm, kots,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: docker-compose, crossplane, kyverno-notation-aws, buildkitd, docker, bom, trivy-operator, kubescape, falcoctl, ko, tekton-chains, policy-controller, goreleaser, guac, trivy, ratify, docker-cli-buildx, gitsign, dagger, slsa-verifier, kyverno, skaffold, gitlab-runner,...
The Latest Push to Extend Key US Spy Powers Is Still a Mess
A US surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal. A new bill aims to address mounting lawmaker concerns—with smoke and mirrors...
[SECURITY] Fedora 43 Update: trivy-0.69.3-1.fc43
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more...
Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs
Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials SBOM-based pipelines for security analysis typically treat scanner findings as independent per-CVE Common...
Architectural Implications of the UK Cyber Security and Resilience Bill
The UK Cyber Security and Resilience CS&R Bill represents the most significant reform of UK cyber legislation since the Network and Information Systems NIS Regulations 2018. While existing analysis has addressed the Bill's regulatory requirements, there is a critical gap in guidance on the...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: cerbos, crossplane, flux, apko, gomplate, grype, argocd-image-updater, kaniko, argo-workflows, argo-cd, kargo, bom, pulumi-kubernetes-operator, trivy-operator, gitea, wolfictl, syft, kubescape, grafana, gptscript, pulumi, external-secrets-operator, nfpm, kots, trivy,...
sboms
No d...
spdx-sboms
No d...
CVE-2026-33481
A flaw was found in Syft, a tool for generating Software Bill of Materials SBOM. When Syft scans large or highly compressed archives, it unpacks them into temporary storage. If this process exhausts the temporary storage, Syft fails to properly clean up these files. This can lead to the temporary...
OpenEMR 安全漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...