
13777 matches found

CVE
added 2026/04/14 3:38 p.m., 13 views

CVE-2025-61848

CVE-2025-61848 is an SQL injection vulnerability caused by improper neutralization of special elements in Fortinet products (FortiAnalyzer, FortiManager, and their Cloud variants) across multiple 7.x releases. The flaw may allow a privileged authenticated attacker to execute unauthorized code or ...

CVSS 7.2 | AI score 6 | EPSS 0.00041
Exploits: 0 | References: 1 | Affected Software: 1

Microsoft CVE
added 2026/04/14 2:00 p.m., 1 view

Remote Procedure Call Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 6.2 | EPSS 0.0005
Exploits: 0

NVD
added 2026/04/14 12:16 a.m., 1 view

CVE-2026-27675

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

CVSS 2 | EPSS 0.00033
Exploits: 0 | References: 2

CNNVD
added 2026/04/14 12:00 a.m., 3 views

Microsoft Windows Remote Procedure Call Information Disclosure Vulnerability

Microsoft Windows Remote Procedure Call is a powerful technology developed by Microsoft for creating distributed client/server programs. There is an information leakage vulnerability in Microsoft Windows Remote Procedure Call. Attackers can exploit this vulnerability to obtain sensitive...

CVSS 5.5 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/14 12:00 a.m., 2 views

PT-2026-32760

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: Improper access control in the Windows RPC API allows an authorized attacker to elevate privileges locally and affect the system. Recommendations: At the moment, there is no information about ...

CVSS 7.8 | AI score 6.2 | EPSS 0.00052
Exploits: 0 | References: 7

Kaspersky
added 2026/04/14 12:00 a.m., 10 views

KLA90980 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code, cause denial of service, read local...

CVSS 8 | AI score 7.1 | EPSS 0.53056
Exploits: 3 | References: 121

CNNVD
added 2026/04/14 12:00 a.m., 7 views

Microsoft Windows Access Control Error Vulnerability

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. The Microsoft Windows RPC API contains a vulnerability related to access control errors. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are...

CVSS 7.8 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 1

SUSE CVE
added 2026/04/13 11:25 p.m., 2 views

SUSE CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

CVSS 6.2 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 3

RedhatCVE
added 2026/04/13 7:23 p.m., 4 views

CVE-2026-33783

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS). If colored SRTE policy tunnels are provisioned via...

CVSS 7.1 | AI score 5.8 | EPSS 0.00062
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/13 12:00 a.m., 7 views

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1572)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1572 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...

CVSS 9.1 | AI score 7.4 | EPSS 0.00044
Exploits: 1 | References: 10

Vulnrichment
added 2026/04/11 12:15 a.m., 1 view

CVE-2026-5059 aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...

CVSS 9.8 | AI score 6.3 | EPSS 0.01208
Exploits: 1 | References: 1

Wired Threat Level
added 2026/04/10 6:08 p.m., 3 views

Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think

The new AI model is being heralded—and feared—as a hacker’s superweapon. Experts say its arrival is a wake-up call for developers who have long made security an afterthought...

AI score 5.8
Exploits: 0

NVD
added 2026/04/10 4:16 p.m., 1 view

CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

CVSS 6.2 | EPSS 0.00022
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/10 3:19 p.m., 3 views

CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

CVSS 6.2 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 1

Cvelist
added 2026/04/10 3:19 p.m., 25 views

CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

CVSS 6.2 | EPSS 0.00022
Exploits: 0 | References: 1

OSV
added 2026/04/10 1:00 a.m., 0 views

CLEANSTART-2026-NZ97711 gRPC-Go is the Go language implementation of gRPC

Security vulnerability affects the kubo package. gRPC-Go is the Go language implementation of gRPC...

CVSS 9.8 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 3

OSV
added 2026/04/10 12:56 a.m., 0 views

CLEANSTART-2026-MU81308 gRPC-Go is the Go language implementation of gRPC

Multiple security vulnerabilities affect the kyverno-policy-reporter-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...

CVSS 9.8 | AI score 6.8 | EPSS 0.00074
Exploits: 1 | References: 22

Github Security Blog
added 2026/04/10 12:30 a.m., 4 views

Duplicate Advisory: OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rm59-992w-x2mv. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handlin...

CVSS 6.9 | AI score 5.7 | EPSS 0.00124
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/04/10 12:00 a.m., 3 views

PT-2026-31882

The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save title AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page,...

AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 2

NVD
added 2026/04/09 10:16 p.m., 4 views

CVE-2026-35626

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassi...

CVSS 6.9 | EPSS 0.00124
Exploits: 0 | References: 4