Microsoft Windows COM Security Vulnerability
Microsoft Windows COM is a technology developed by Microsoft Corporation in the United States, aimed at software reuse. COM is described as a platform-independent, distributed, object-oriented system used for creating interactive binary software components. There are security vulnerabilities in...
BIT-JOOMLA-2026-21631 Joomla! Core - [20260303] - XSS vector in com_associations comparison view
Lack of output escaping leads to an XSS vector in the multilingual associations component...
CVE-2026-35207
In dde-control-center (Deepin Desktop Environment), the plugin-deepinid insecurely skipped TLS certificate verification when fetching user avatars from openapi.deepin.com and similar providers. Prior to version 6.1.80, this allowed a man-in-the-middle (MITM) attacker to intercept traffic, potentially replace the a...
CVE-2026-35178
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...
EUVD-2026-19450
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...
CVE-2026-32929
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!getmacromemCOM. Opening a crafted V7 file may lead to information disclosure from the affected product...
CVE-2026-21630 Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...
CVE-2026-21630
CVE-2026-21630 affects Joomla! Core — specifically the com_content articles webservice endpoint. The root cause is improperly built order clauses that enable a SQL injection. Exploitation details are not provided in the supplied documents, but CVSS metrics indicate a high-impact vulnerability aff...
CVE-2026-21631
CVE-2026-21631 affects Joomla! Core, specifically the multilingual component com_associations comparison view. Root cause: lack of output escaping enabling a cross-site scripting (XSS) vector. Connected advisories confirm the vulnerability exposure in the core UI component and indicate a remediat...
GO-2026-4829 NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server
NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server...
CVE-2026-32968
CVE-2026-32968 describes an unauthenticated RCE in the MB CONNECT LINE MBCONNECT24 family (mymbCONNECT24 and mbCONNECT24) up to version 2.5.0. The vulnerability arises from improper neutralisation of special elements used in an OS command, allowing a remote attacker to execute code and potentiall...
PT-2026-27108
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...
MAL-2026-1797 Malicious code in nextiva-dot-com (npm)
Source: amazon-inspector b526416f0bec682e1493700f926a23b44ef0517c358700e8a9b0025028363f0c The package nextiva-dot-com was found to contain malicious code...
Malicious code in nextiva-dot-com (npm)
Source: amazon-inspector b526416f0bec682e1493700f926a23b44ef0517c358700e8a9b0025028363f0c The package nextiva-dot-com was found to contain malicious code...
MAL-2026-1632 Malicious code in @nxt-costco-com/forge-design-tokens (npm)
Source: amazon-inspector 86e4556dfaa2a30079bf31edd7c9a378deacc22b763f547a4b825d57945debef The package @nxt-costco-com/forge-design-tokens was found to contain malicious code...
Transparent COM instrumentation for malware analysis
COM automation is a core Windows technology that allows code to access external functionality through well-defined interfaces. It is similar to traditionally loading a DLL, but is class-based rather than function-based. Many advanced Windows capabilities are exposed through COM, such as Windows...
Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)
Summary: A vulnerability exists in the Community Tier of Harden-Runner that allows bypassing the egress-policy: block network restriction using DNS queries over TCP. Harden-Runner enforces egress policies on GitHub runners by filtering outbound connections at the network layer. When egress-policy:...
MAL-2026-3125 Malicious code in transform-regexp-constructors (npm)
The package 'transform-regexp-constructors' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
[20260303] - Core - XSS vector in com_associations comparison view
Lack of output escaping leads to an XSS vector in the multilingual associations component...
CVE-2026-3670
A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was...