PT-2026-48448

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security TLS connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle MITM attacker to intercept and harvest vCenter administrator credentials. This can lead to...

Migration assessment 安全漏洞

Migration assessment is an open-source tool developed by KubeV2V for evaluating and providing migration recommendations for VMware environments. There is a security vulnerability in Migration assessment. This vulnerability stems from the agent-API middleware, which, when processing JWT tokens,...

SimpleSAMLphp-casserver 路径遍历漏洞

SimpleSAMLphp-casserver is an open-source CAS protocol-compatible Single Sign-On server module developed by SimpleSAMLphp. Versions prior to 7.0.3 of SimpleSAMLphp-casserver contained a path traversal vulnerability. This vulnerability stemmed from the direct concatenation of attacker-controlled...

📄 Chatwoot 4.11.1 SQL Injection

This Metasploit module targets an authenticated SQL injection vulnerability in the conversation filtering functionality of Chatwoot instances up to version 4.11.1. ================================================================================================================================== |...

PT-2026-48447

A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...

PT-2026-48435

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before request → @jwt required app/routes/install/routes.py:36-39. The individual endpoints install exporter, install waf, install geoip,...

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2326)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to dox000D an Negotiate-authenticated HTTP or HTTPS request.x000D x000D...

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via the X509AuthenticationProvider class in X509AuthenticationProvider.java. The provider issues a fully authenticated X509AuthenticationToken whenever a presented certificate maps to...

Assisted Migration Agent 信任管理问题漏洞

Assisted Migration Agent is an open-source virtualization environment data collection and migration planning tool developed by KubeV2V. Assisted Migration Agent has a vulnerability related to trust management. This vulnerability stems from the use of insecure TLS connections hardcoded during...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-2293)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : iommu/sva: invalidate stale IOTLB entries for kernel address spaceCVE-2025-71202 iommu: disable SVA when CONFIGX86 is setCVE-2025-71089 tls: Fix...

CVE-2026-40993 Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

CVE-2026-40993 Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

CVE-2026-40993

The CVE-2026-40993 issue affects Spring Security 7.0.0–7.0.5. Affected component: JdbcAssertingPartyMetadataRepository (table saml2_asserting_party_metadata). Root cause: unfiltered Java native deserialization of the BLOBs in verification_credentials and encryption_credentials. Impact: an attacke...

UBUNTU-CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

CVE-2026-9735 Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

CVE-2026-9735

CVE-2026-9735 concerns MongoDB server logging of SASL authentication parameters. The connected documents specify that when connection health metric logging is enabled, full authentication parameters (potentially including credentials) may be written to the server log without redaction. The NVD/NV...

CVE-2026-47904

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

CVE-2026-47902

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

CVE-2026-47905

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...