8 matches found
PT-2026-54444
Name of the Vulnerable Software and Affected Versions probod versions prior to 0.194.1 Description The saferedirect package in go.probo.inc/probo fails to properly validate redirect URLs used in authentication flows, such as OIDC, SAML, session transfer, OAuth connectors, and trust-center magic...
CVE-2026-35400 LORIS incorrectly trusts user input in publication module
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...
EUVD-2026-12558
Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...
Scam-checking just got easier: Malwarebytes is now in ChatGPT
If you’ve ever stared at a suspicious text, email, or link and thought “Is this a scam… or am I overthinking it?” Well, you’re not alone. Scams are getting harder to spot, and even savvy internet users get caught off guard. That’s why Malwarebytes is the first cybersecurity provider available...
CVE-2026-23499
Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...
Linux Distros Unpatched Vulnerability : CVE-2022-42333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to...
CVE-2025-30140
CVE-2025-30140 concerns G-Net Dashcam BB GONX devices where an internal domain uses an unregistered public domain name. This creates a risk that an attacker could register that domain and, if the device resolves it publicly, could intercept traffic and enable data exfiltration or a man‑in‑the‑mid...
Acronis: Subdomain Takeover – jet.acronis.com pointing to unclaimed Webflow services
Hi Team, Greetings! I've come across jet.acronis.com of acronis.com pointing to an unclaimed Webflow service. Visiting the jet.acronis.com returned the default 404 page for Webflow service, thereby making it potential for subdomain takeover. F937948 jet.acronis.com CNAME pointed to...