
40 matches found

Positive Technologies
added 2026/05/14 12:0 a.m. | 6 views

PT-2026-40954

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

4.3 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 2
CVE
added 2026/04/29 4:47 p.m. | 9 views

CVE-2026-6914

CVE-2026-6914 : The vulnerability arises from computing the MD5 checksum of a malformed BSON object, potentially causing loss of availability on MongoDB Server. Affected are all MongoDB Server v8.2, all v8.1, v8.0 prior to 8.0.21, and v7.0 prior to 7.0.32. The provided documents do not specify ex...

7.5 CVSS | 5.2 AI score | 0.00059 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/04/14 5:53 p.m. | 0 views

CVE-2026-0207

A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions...

8.5 CVSS | 5.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/04/10 5:24 p.m. | 0 views

GHSA-2CRG-3P73-43XP @sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass

Under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected...

8.2 CVSS | 5.8 AI score | 0.0009 EPSS
Exploits: 0 | References: 6
Vulnrichment
added 2026/04/10 4:24 p.m. | 0 views

CVE-2026-40073 SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

8.2 CVSS | 5.8 AI score | 0.0009 EPSS
Exploits: 0 | References: 3
OSV
added 2026/02/04 3:16 p.m. | 1 views

CVE-2026-22548

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

5.9 CVSS | 5.8 AI score | 0.00102 EPSS
Exploits: 0 | References: 1
CVE
added 2026/01/27 8:8 p.m. | 25 views

CVE-2025-14988

ibaPDA is affected (PT-2026-5016) with version 8.12.0 showing a permission flaw that grants unrestricted filesystem access without authentication, enabling unauthorized actions on the file system and impacting confidentiality, integrity, and availability. No fix version is disclosed in the provid...

10 CVSS | 5.8 AI score | 0.00079 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/13 1:13 a.m. | 2 views

CVE-2026-0494 Information Disclosure vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)

Under certain conditions, the SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application; integrity and availability are not impacted...

4.3 CVSS | 6.2 AI score | 0.0005 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/05 12:0 a.m. | 2 views

PT-2025-49188

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

5.1 CVSS | 6.6 AI score | 0.0002 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/12/04 12:0 a.m. | 1 views

Pure Storage PX Enterprise security vulnerability

Pure Storage PX Enterprise is a data storage software from the US-based Pure Storage. A security vulnerability exists in Pure Storage PX Enterprise that stems from the possibility of logging sensitive information under certain conditions...

8.4 CVSS | 6.5 AI score | 0.00017 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2025/10/23 11:24 p.m. | 2 views

SUSE CVE-2025-40778

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

8.6 CVSS | 7 AI score | 0.00005 EPSS
Exploits: 1 | References: 19
OSV
added 2025/10/23 12:31 p.m. | 2 views

GHSA-25WF-7X6C-WMPF Moodle does not properly enforce MFA

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.3 CVSS | 7.1 AI score | 0.00069 EPSS
Exploits: 0 | References: 7
OSV
added 2025/10/23 12:15 p.m. | 2 views

CVE-2025-62398

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4 CVSS | 6.6 AI score | 0.00069 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/10/23 11:28 a.m. | 5 views

CVE-2025-62398 Moodle: possible to bypass MFA

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

0.00069 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/23 11:28 a.m. | 3 views

EUVD-2025-35669

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.3 CVSS | 6.5 AI score | 0.00069 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2025/10/23 12:0 a.m. | 2 views

PT-2025-43446

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts. Recommendations: At the...

5.4 CVSS | 6.6 AI score | 0.00069 EPSS
Exploits: 0 | References: 20
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-28986

Malicious code in bioql PyPI...

7.5 CVSS | 6.6 AI score | 0.00051 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-25053

Malicious code in bioql PyPI...

5.3 CVSS | 6.6 AI score | 0.0006 EPSS
Exploits: 0 | References: 1
NVD
added 2025/09/11 7:15 p.m. | 1 views

CVE-2025-9319

A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions...

7.5 CVSS | 0.00051 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/08/14 12:0 a.m. | 1 views

Amazon ECS Container Agent security vulnerability

Amazon ECS Container Agent is an elastic container service agent software open-sourced by Amazon Web Services. A security vulnerability exists in Amazon ECS Container Agent that stems from the fact that under certain conditions, an introspective server can be accessed by other instances in the sam...

5.3 CVSS | 6.8 AI score | 0.00172 EPSS
Exploits: 0 | References: 4