5407 matches found
CVE-2026-4772 Stored XSS in TR7's WAF-ASP
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...
EUVD-2026-41370
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...
CVE-2026-4770 DOM-Based XSS in TR7's WAF-ASP
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...
EUVD-2026-41369
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...
CVE-2026-4770
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...
Intel Neural Compressor <2.5.0 - SQL Injection
Improper input validation in some IntelR Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. id: CVE-2024-22476 info: name: Intel Neural Compressor 2.5.0 - SQL Injection author: ritikchaddha severity:...
Delta Electronics DTM Soft
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system...
PT-2026-50769
Name of the Vulnerable Software and Affected Versions pam usb versions 0.9.1 and earlier Description The xfree memory release helper calls free without zeroing buffer contents first. This results in heap-allocated buffers containing sensitive data, such as one-time pad bytes read from disk, being...
CVE-2026-50194
Steeltoe CVE-2026-50194 affects management endpoints when configured to listen on an alternate port. Versions 3.2.2–3.3.0 and 4.1.0 use the Host header to gate access instead of the socket port, enabling port-isolation bypass. Patches are in 3.4.0 and 4.2.0. If upgrading isn’t possible, apply exp...
PT-2026-50604
Name of the Vulnerable Software and Affected Versions Capsule version 0.13.2 Description A typo in the webhook rules of the software causes a failure in the defense mechanism for the namespaces/finalize subresource. The configuration uses the singular namespace/finalize instead of the plural...
Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read
Summary nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments when using the nltk: URL scheme. The unsafe-path regex check is performed before url2pathname decodes the %xx sequences a classic decode-after-check / TOCTOU-style flaw, allowing ...
Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processe...
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the...
Best WAAP Solutions for Enterprise Application Security: How to Choose the Right Platform in 2026
Key Takeaways The major enterprise WAAP solutions evaluated in this guide are Akamai, Cloudflare, F5, Fastly, Fortinet, Imperva, and Radware. In the most recent independent benchmarks, Akamai, Cloudflare, and Imperva were named Leaders in the Forrester Wave: Web Application Firewall Solutions, Q1...
Exploit for Embedded Malicious Code in Tukaani Xz
XZ Backdoor Labs CVE-2024-3094 Safe, hands-on labs for...
Exploit for CVE-2026-48907
CVE-2026-48907 Description هذا الملف CVE-2025-9209.py هو أداة...
Naxclow IoT Platform
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or manipulate communications, harvest sensitive credentials at scale, or gain unauthorized access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
EUVD-2026-36132
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...
vehicle-subsystem-security-assessment
🚗 End-to-end security assessment of vehicle subsystems ! Me...
openshell-sandbox-poc
OpenShell + Kata Containers: Dual-Protection PoC A proof-of-c...