CVE-2025-30431

CVE-2025-30431 affects macOS Sequoia before 15.4, macOS Sonoma before 14.7.5, and macOS Ventura before 13.7.5. The issue stems from insufficient checks that could allow a malicious application to access private information. The vulnerability is addressed with fixes in Sequoia 15.4, Sonoma 14.7.5,...

CVE-2025-24268

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

CVE-2025-43339

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data...

CVE-2025-43339

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data...

CVE-2025-43278

Summary: CVE-2025-43278 involves macOS Sequoia 15.4 where improved symlink handling fixes a vulnerability that could allow an app to access protected user data. Affected product/impact: macOS Sequoia 15.4 is fixed; no other products or versions are specified in the provided documents. Root cause:...

CVE-2026-8335

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion

The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute...

axios: Axios: HTTP Transport Hijacking via Prototype Pollution

A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HT...

CVE-2026-8335 Missing authentication in Aix-DB

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

CVE-2026-45550

Roxy-WI exposes an IDOR on PUT /smon/check in versions ≤ 8.2.6.4. The flaw gates only on roxywi_common.check_user_group_for_flask(), validating the caller has some group rather than that the target check_id belongs to it. Downstream update_smon, update_smonHttp, update_smonTcp, update_smonPing, a...

CVE-2026-53473

The CVE affects the migration-planner-ui-app and describes a cross-site scripting (XSS) flaw in which an attacker can register a malicious discovery agent using a crafted credentialUrl containing JavaScript. When an organizational user clicks the link in the UI, the embedded code executes in the ...

Oracle WebLogic Server Local File Inclusion

An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can...

CVE-2026-26237

CVE-2026-26237 affects QuMagie. Description: a missing authorization vulnerability could allow remote attackers to access unauthorized data or perform unauthorized actions. The issue is fixed in QuMagie 2.9.0 and later. CVSSv4 metrics indicate high severity (base score 8.7) with network attack ve...

Linux Distros Unpatched Vulnerability : CVE-2026-46278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. 171.549793 Unable to handle kernel NULL...

ROS-20260610-73-0036

The vulnerability of the SDL3 RDP client for FreeRDP is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to compromise the accessibility of protected information...

PT-2026-48446

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

Vulnerabilities in Microsoft Exchange

Microsoft has patched vulnerabilities in Exchange, both on-premise and online versions. A malicious individual could exploit these vulnerabilities to impersonate other users and access sensitive data. Additionally, a malicious actor could execute arbitrary code. The most severe vulnerability...

CVE-2026-50636

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

Vulnerabilities in Microsoft Azure

Microsoft has addressed vulnerabilities in various Azure components. Malicious actors could exploit these vulnerabilities to impersonate other users, gain elevated privileges, execute arbitrary code, or potentially access sensitive data. The most severe vulnerability was found in HorizonDB and ha...

vulnerabilities present in Microsoft Office

Microsoft has identified vulnerabilities in various Office products such as Sharepoint, Word, Project, and Excel. A malicious individual can exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. For successful exploitation, th...