399334 matches found
Microsoft at Black Hat USA 2026: Defending trust in the age of AI and supply chain attacks
In this article 1. Weston on the future of defense 2. Our latest intelligence and response on npm supply chain attacks 3. Follow the research in the Black Hat Briefings 4. Go deeper in Microsoft sessions 5. Visit booth 2144 for research, community, and hands-on defense 6. Plan your week with...
EUVD-2026-45181
A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
EUVD-2026-45183
Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...
CVE-2026-51083
Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...
CVE-2026-51081
A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
CVE-2026-51082
A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager before 9.1.9 and 8.x before 8.4.19; qemu-server 9.x before 9.1.7 and 8.x before 8.4.7; and pve-container before 6.1.3 PVE 9.x and before 5.3.4 PVE 8.x allows an attacker with...
CVE-2026-13410
Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSLverifymode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept the...
CVE-2026-13410
DVE-2026-13410 affects Dancer::Plugin::Auth::Google up to version 0.07 for Perl. TLS verification is disabled because the default user agent initializes SSL_verify_mode as disabled, enabling MITM attackers to intercept the OAuth2 token exchange and userinfo fetch with googleapis.com, forge an acc...
CVE-2026-16009
A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...
The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.
The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
CVE-2026-16009 itsourcecode Hospital Management System prescriptionorderdetail.php sql injection
A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...
CVE-2026-16009
The provided Connected documents identify CVE-2026-16009 in itsourcecode Hospital Management System 1.0. Affected is an unknown function in /prescriptionorderdetail.php where manipulating the delid argument invokes SQL injection. The vulnerability can be exploited remotely, and public exploits ar...
CVE-2026-16009 itsourcecode Hospital Management System prescriptionorderdetail.php sql injection
A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...
EUVD-2026-45162
A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...
Security Bulletin: Multiple vulnerabilities in IBM Guardium Unified Discovery and Classification (GUDC) container images
Summary Security vulnerabilities have been addressed in the IBM Guardium Unified Discovery and Classification GUDC container images Vulnerability Details CVEID:CVE-2025-0167 DESCRIPTION: When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password use...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.13.0 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision...
hplip security update
An update is available for hplip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Proje...
Easy Digital Downloads - Privilege Escalation
Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. id: CVE-2023-30869 info: name: Easy Digital Downloads - Privilege Escalation author: daffainfo severity: critical...
Scramble Laravel - Remote Code Execution
Scramble for Laravel = 0.13.2 and = 0.13.2 and 0.13.22 contains a remote code execution caused by evaluation of user-controlled input in validation rules during documentation generation, letting remote attackers execute arbitrary PHP code, exploit requires publicly accessible documentation...
Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...