ROS-20260524-73-0006

A vulnerability in the JGSS component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow a remote attacker to gain...

ROS-20260524-73-0018

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

ROS-20260524-73-0021

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

CVE-2026-39967 TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

CVE-2026-39967 TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

CVE-2026-39967

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

CVE-2026-8477

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...

CVE-2026-8347

The CVE-2026-8347 entry affects Concrete CMS 9.5.0 and earlier, where the Express association Reorder dialog is vulnerable to IDOR and wrong-authorization-level handling, enabling cross-entity state tampering under view-only permissions. The issue is triggered by reliance on Express entity orderi...

CVE-2026-44409

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure...

CVE-2026-44409

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure...

CVE-2026-44409

Technical details about CVE-2026-44409 are not publicly available in the provided documents. No explicit affected versions, root cause specifics, exploit information, or mitigations are present. Monitor for updates from vendors and security feeds.

CIOP-PIB STER SQL注入漏洞

CIOP-PIB STER is a occupational safety and human factors risk assessment software system developed by the Polish company CIOP-PIB. Versions of CIOP-PIB STER prior to version 9.5 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of multiple search filter...

Dell ECS 访问控制错误漏洞

Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.5 and 3.6 of Dell ECS contain access control vulnerability issues. This vulnerability stems from improper access control in the identity and access management module, which may allow remote...

EUVD-2026-31472

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

CVE-2026-36228

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

CVE-2026-44047

A flaw was found in Netatalk. This vulnerability, identified as a SQL injection in the MySQL CNID backend, could allow a remote attacker to execute arbitrary code or gain unauthorized access to sensitive information. Successful exploitation could lead to significant data compromise, data...

Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator

Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users...

CVE-2026-5434

...

CVE-2026-5434

...