PT-2026-50027

🚨 CVE-2026-46921 Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel C...

PT-2026-49759

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where workspace .env files can influence the Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can manipulate...

PT-2026-50029

🚨 CVE-2026-46925 Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segmen...

PT-2026-50026

Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel Cloud Manager versions 17.0 through 26.5 Description An issue in the Siebel Cloud Manager component of Oracle Siebel CRM allows an unauthenticated attacker with network access via HTTP to compromise the system...

PT-2026-50025

Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel CRM Cloud Applications versions 17.0 through 26.5 Description An issue exists in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications. An unauthenticated attacker with network access via HTTP can...

PT-2026-50030

🚨 CVE-2026-46926 Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM...

PT-2026-49734

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into a single comma-separated value. According to RFC 6265, each cookie must be its own...

Alibaba Cloud Linux 3 : 0159: poppler (ALINUX3-SA-2026:0159)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0159 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-10118: A flaw was found in Poppler's Splas...

EUVD-2026-36797

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

CVE-2026-41708

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

CVE-2026-47825

The CVE affects Spring Cloud Gateway Server components (WebMVC and WebFlux gateways) where headers from untrusted proxies (X-Forwarded-For, Forwarded) are forwarded in certain configurations. Root cause: forwarded-header handling without a trusted-proxy basis allows forged headers to reach downst...

CVE-2026-41708 Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

CVE-2026-41708

The CVE describes a DoS vulnerability in Spring Cloud Sleuth via the Spring TX instrumentation when using vulnerable versions of org.springframework.cloud:spring-cloud-sleuth-instrumentation (SLEUTH 3.1.0–3.1.13). The root cause is exposure of the transaction instrumentation to crafted calls, all...

CVE-2026-41708 Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

kernel security update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

Microsoft Defender email security benchmarking: Key insights from one year of data

Microsoft publishes quarterly email security benchmarking data comparing Microsoft Defender against secure email gateway SEG and integrated cloud email security ICES vendors using real-world threat telemetry. A year ago, we set out to change how email security effectiveness is measured. With our...

MAL-2026-5784 Malicious code in vaults-monitor-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923 On npm install, the package's preinstall hook node postinstall.js || true executes automatically. The script collects hostname, username, and current...

kernel security update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.

There is a moment every security analyst knows well. It’s 2am , an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...

Best WAAP Solutions for Enterprise Application Security: How to Choose the Right Platform in 2026

Key Takeaways The major enterprise WAAP solutions evaluated in this guide are Akamai, Cloudflare, F5, Fastly, Fortinet, Imperva, and Radware. In the most recent independent benchmarks, Akamai, Cloudflare, and Imperva were named Leaders in the Forrester Wave: Web Application Firewall Solutions, Q1...