13091 matches found
OpenVPN Connect 安全漏洞
OpenVPN Connect is a VPN Virtual Private Network client application developed by OpenVPN Inc. Versions 3.5.1 to 3.8.1 of OpenVPN Connect have security vulnerabilities. These vulnerabilities stem from an issue with permissions in the background service on macOS, which may allow attackers to execut...
PT-2026-43371
Name of the Vulnerable Software and Affected Versions OpenVPN Connect versions 3.5.1 through 3.8.1 Description A privilege escalation issue exists in the background service of OpenVPN Connect on macOS. This allows attackers to execute arbitrary commands with elevated privileges by utilizing a loc...
Exploit for OS Command Injection in Arcane
CVE-2026-23520: Model Context Protocol MCP Connect RCE - Edu...
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK
Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus for z/OS . Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access vi...
Malicious code in onboardconnect-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c17efe362ab4daf81f1ee7efe462a256ba325562a255906102d10d4a9ee87e5 The package's dist/setup.js script performs an HTTPS POST to https://oc-worker-tenant-api.wpolanco.workers.dev carrying values read from process.env,...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j ( CVE-2026-34477, CVE-2026-34478, CVE-2026-34479 & CVE-2026-34480 )
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addresse...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime
Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node modules axios, protobufjs, fast-xml-parser, follow-redirects, brace-expansion,...
Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-016743)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016743 advisory. MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on...
Unity Linux 20.1060e / 20.1070e Security Update: mod_auth_openidc (UTSA-2026-016590)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016590 advisory. modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users again...
Keycloak < 26.6.2 Multiple Vulnerabilities
Keycloak versions installed prior to 26.6.2 are affected by multiple vulnerabilities, including: - A flaw was found in Keycloak's redirect URI validation logic. An attacker can bypass validation to redirect users to malicious sites, potentially leading to phishing attacks and credential theft...
GHSA-Q2F7-M237-V562 @hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators
Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in GOIDC1. Set-qualified operators such as ForAnyValue:StringLike could hide wildcard GitHub Actions OIDC sub conditions from the mandatory guardrail. Patched in 1.3.2: the AW...
@hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators
Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in GOIDC1. Set-qualified operators such as ForAnyValue:StringLike could hide wildcard GitHub Actions OIDC sub conditions from the mandatory guardrail. Patched in 1.3.2: the AW...
Ivanti Connect Secure - Stack-based Buffer Overflow
Ivanti Connect Secure 22.7R2.5, Ivanti Policy Secure 22.7R1.2, and Ivanti Neurons for ZTA gateways 22.7R2.3 contain a stack-based buffer overflow in the clientCapabilities parameter handling. This vulnerability allows remote unauthenticated attackers to execute arbitrary code through IF-T TLS...
CVE-2026-9084
MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...
CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations
MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...
CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations
MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...
CVE-2026-9084
MISP OIDC authentication plugin is affected. The issue allows automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account has no stored sub value. Under insecure/untrusted IdP configurations where email ownership isn’t enforced, an attac...
EUVD-2026-31123
MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...