Mage AI - Insecure Default Authentication Setup

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

CVE-2026-11479

CVE-2026-11479 affects yoanbernabeu grepai 0.35.0, specifically the Qdrant Backend component’s file indexer/chunker.go. The issue involves manipulation that leads to use of a weak hash, enabling a remote attack. Exploitation is described as difficult, with network attack vector and low privileges...

Eliminate Critical API Attack Paths with Wiz API SPM

Wiz API SPM is now GA, enabling customers to discover APIs, assess APIs for exploitability, and prioritize remediation to mitigate the risk of an API-related breach...

CVE-2026-9394

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

GitLab CE/EE - Remote Code Execution

GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for...

EUVD-2026-31550

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

CVE-2026-9394

The CVE concerns Besen BS20 EV Charging Station, specifically a vulnerability in the Bluetooth Low Energy Handler that can be exploited by manipulating an unknown function to trigger weak password requirements. AFFECTED COMPONENT: Besen BS20 EV Charging Station; vulnerability type is related to B...

CVE-2026-9394

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

UBUNTU-CVE-2026-9365

A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNCDECODER of the file src/dissectors/ecgg.c of the component GG Dissector. The manipulation of the argument gg leads to heap-based buffer overflow. The attack is possible to be carried out remotely. The...

Astra Linux - уязвимость в firefox, thunderbird

It is currently unknown whether this issue is exploitable. However, there is a possibility that the structured cloning of certain objects could lead to memory corruption. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

Astra Linux - уязвимость в unbound

Before version 1.9.5, Unbound allowed an out-of-bounds write operation through a compressed name in rdatacopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be remotely or locally exploited...

VIPER-MCP: Detecting and Exploiting Taint-Style Vulnerabilities in Model Context Protocol Servers

Model Context Protocol MCP has emerged as a standard interface for connecting LLM agents to external tools. Because MCP servers expose privileged operations such as shell execution, network access, and file-system manipulation to agent-driven invocation, implementation flaws in tool handlers can...

CVE-2026-8026

FlowiseAI Flowise up to version 3.0.12 contains a security flaw in the API Response Handler, specifically in the function Login of packages/server/src/enterprise/services/account.service.ts. The manipulation leads to information disclosure and can be exploited remotely. The reported attack comple...

CVE-2026-7606

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

Benefits of Breach and Attack Simulation in Vulnerability Management

Vulnerability management teams face an overwhelming challenge: tens of thousands of CVEs published annually, limited remediation capacity, and no reliable way to separate genuine threats from background noise. Traditional approaches rely on CVSS scores and scanner output, but these methods lack t...

CVE-2026-7303

The CVE-2026-7303 affects Xuxueli XXL-Job up to version 3.3.2, specifically the logDetailCat function in JobLogController.java (Execution Log Handler). Manipulating the logId argument can cause improper control of resource identifiers and may be exploitable remotely. Exploitability is described a...

EUVD-2026-25146

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

Securing AI Applications From Inception to Deployment

Extending the Wiz AI APP into the code layer to detect AI-specific risks at inception, validate exploitability at runtime, and orchestrate remediation with agents that understand your codebase...

Qualys vs Hive Pro: How They Compare on Key Features

Finding vulnerabilities is only half the battle. How do you know which ones pose a real, immediate threat to your organization? A high CVSS score doesn't always translate to high risk in your specific environment. This is where Breach and Attack Simulation BAS comes in, actively testing your...