412 matches found
CVE-2026-28385
In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...
CVE-2026-28385
In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...
rm-oneview-poc
RM OneView — Proof of Concept A working POC of the Relationsh...
GHSA-VR35-JM2F-8WG2 Apache Syncope Vulnerable to Exposure of Sensitive Information Through Data Queries
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...
Improper Isolation or Compartmentalization
Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the GroovyInterceptor initialization of classes via GroovySandbox. An administrator user with the Implementations entitlement can execute arbitrary code by creating a malicious Groovy class...
CVE-2026-42797 Apache Syncope: JexlContextBuilder Information Disclosure
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...
CVE-2026-28873
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...
EUVD-2026-29223
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...
CVE-2026-28873
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...
CVE-2026-28873
The CVE-2026-28873 issue stems from insufficient entitlement checks that could allow an app to bypass App Privacy Report logging. Affected products include Apple iOS and iPadOS, with fixes in iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, and iPadOS 26.4. The underlying root cause is entitlement verificati...
CVE-2026-28873
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...
CVE-2026-28873
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...
PT-2026-39766
Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.4 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.4 Description An application may be able to circumvent App Privacy Report logging. This issue is addressed by implementing...
Before the Breach, There Was a Test Environment
Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...
CVE-2026-35431
Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-25312
Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35431
Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35431
Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability
...
CVE-2026-35431
CVE-2026-35431 covers a spoofing vulnerability in Microsoft Entra ID Entitlement Management. The entry indicates a remote, network-exploitable flaw with no user interaction, causing high impact to confidentiality, integrity, and availability (S:C, C:H, I:H, A:H). Exploit code maturity is UNPROVEN...