33944 matches found
VMware Spring Cloud Config 安全漏洞
VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. There is a security vulnerability in VMware Spring Cloud Config, which stems from...
PT-2026-38330
Name of the Vulnerable Software and Affected Versions Spring Cloud Config versions 3.1.0 through 3.1.13 Spring Cloud Config versions 4.1.0 through 4.1.9 Spring Cloud Config versions 4.2.0 through 4.2.6 Spring Cloud Config versions 4.3.0 through 4.3.2 Spring Cloud Config versions 5.0.0 through 5.0...
PT-2026-38329
Name of the Vulnerable Software and Affected Versions Spring Cloud Config versions 3.1.0 through 3.1.13 Spring Cloud Config versions 4.1.0 through 4.1.9 Spring Cloud Config versions 4.2.0 through 4.2.6 Spring Cloud Config versions 4.3.0 through 4.3.2 Spring Cloud Config versions 5.0.0 through 5.0...
Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2302 Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability May 7, 2026 CVE Number CVE-2026-30814 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x436 functionality of Tp-Link AX53 v1.0 1.3.1 Bui...
KLA91030 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azur...
CVE-2026-33975
Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...
Malicious code in playwright-atoned (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 250795bc04569c6f87e372e4b6bed019148a1c78f4357e8e430c1865acfead07 The package exfiltrates sensitive data like local environmental variables and cloud tokens --- Category: MALICIOUS - The campaign has clearly malicious intent,...
MAL-2026-3355 Malicious code in playwright-atoned (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 250795bc04569c6f87e372e4b6bed019148a1c78f4357e8e430c1865acfead07 The package exfiltrates sensitive data like local environmental variables and cloud tokens --- Category: MALICIOUS - The campaign has clearly malicious intent,...
GHSA-FW8G-CG8F-9J28 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector, jaeger, node-problem-detector, minio-object-browser, loki, fluent-bit-plugin-loki, telegraf, mc, prometheus-pushgateway, metrics-server, karma, certificate-transparency, keda, opentelemetry-collector, amazon-cloudwatch-agent-operator, prometheu...
GHSA-FW8G-CG8F-9J28 vulnerabilities
Vulnerabilities for packages: jaeger, fluent-bit-plugin-loki, keda, prometheus-pushgateway, tempo, datadog-agent-fips, mcp-grafana-fips, mcp-grafana, nrdot-collector-k8s-fips, ops-agent, trillian, trillian-fips, jaeger-fips, prometheus-pushgateway-fips, datadog-agent,...
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
ExploitMind
ExploitMind Overview ExploitMind is an en...
Before the Breach, There Was a Test Environment
Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...
EUVD-2026-27552
There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...
EUVD-2026-27550
Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...
Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici
Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici CVE-2026-1525, CVE-2026-1526, CVE-2026-1527, CVE-2026-1528, CVE-2026-2229, CVE-2026-2581. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION:...
CVE-2026-35255
Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...
CVE-2026-40001
There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...
CVE-2026-40001 Local privilege escalation vulnerability in ZTE PROCESS Guard service of the cloud computer client
There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...
CVE-2026-40001
Technical details about CVE-2026-40001 are not publicly available in the provided documents. The two entries describe a local privilege escalation in ZTE PROCESS Guard but do not specify impacted versions, vulnerable components, or fixes. Monitor for updates.