EUVD-2026-38287

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls...

EUVD-2026-38205

A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash BSOD by bypassing the validation mechanism.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory...

PT-2026-50806

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description An arbitrary shell command execution issue exists where UI modules hardcode approval mode to auto, which overrides the administrator configuration set in the PRAISON APPROVAL MODE environment...

EUVD-2026-37545

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

EUVD-2026-36307

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

CVE-2026-34182

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

CVE-2026-5936

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints e.g., cloud metadata services, or bypass...

PT-2026-46185

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting XSS attacks by enabling the built-in XSS filtering mechanisms of modern web browsers...

PT-2026-48838

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

Security Bulletin: IBM SPSS Modeler is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)

Summary IBM SPSS Modeler is affected by a jackson-core async parser DoS vulnerability WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint...

CVE-2026-0241

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in various Developer Tools. A malicious individual could exploit these vulnerabilities to carry out attacks that can cause the following types of damage: - Denial-of-Service DoS attacks - Bypass of security measures - Execution of arbitrary code user rights...

PT-2026-39695

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the SignedPublicKeysTrustValidatorImpl.isTrusted function. An attacker can bypass signature verification and gain unauthorized access by providing any structurally valid ECDSA signature, as the boolea...

CVE-2026-43024

A flaw was found in the Linux kernel's netfilter nftables component. This vulnerability arises from the system allowing immediate NFQUEUE verdicts, which are not intended for use by userspace nft tools. This could lead to unexpected behavior or a bypass of intended network filtering rules,...

CVE-2026-35514

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox for Android prior to version 150 contain security vulnerabilities, which stem from bypassing security measures...

New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files

Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data...

CVE-2026-5758

JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution...

Cloud Foundry 安全漏洞

Cloud Foundry is an open-source Platform as a Service PaaS cloud computing platform developed by the Cloud Foundry Foundation in the United States. This product offers features such as container scheduling, continuous delivery, and automated service deployment. There is a security vulnerability i...