3022 matches found

OSV
added 2026/04/03 1:27 p.m. | 3 views

JLSEC-2026-30

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

CVSS 5.9 | AI score 5.9 | EPSS 0.01501
Exploits: 0 | References: 10

Positive Technologies
added 2026/04/03 12:0 a.m. | 6 views

PT-2026-35771

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.22. Description: An issue exists where bootstrap setup codes are not bound to intended device roles and scopes during pairing. This allows attackers to escalate privileges beyond their intended role and scope...

CVSS 9.8 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 12

RedhatCVE
added 2026/04/02 5:4 a.m. | 2 views

CVE-2026-29598

Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...

CVSS 5.4 | AI score 6 | EPSS 0.00203
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/02 12:0 a.m. | 5 views

PT-2026-29967

Name of the Vulnerable Software and Affected Versions: @usebruno/cli versions installed between 00:21 UTC and 03:30 UTC on March 31, 2026. Description: A supply chain attack involving compromised versions of the axios npm package introduced a hidden dependency deploying a cross-platform Remote Acces...

CVSS 9.8 | AI score 6 | EPSS 0.00234
Exploits: 0 | References: 9

Circl
added 2026/04/01 11:27 p.m. | 3 views

GHSA-XGH5-W62M-8MPR

creationtimestamp | type | source
---|---|---
2026-04-01 23:27:52+00:00 | seen | Telegram/coMrEhctUArWfU1Esx58b8AZjuGB2Ws5YwoScTDx0IuKI...

AI score 4.8
Exploits: 0

EUVD
added 2026/04/01 3:31 p.m. | 5 views

EUVD-2026-17885

Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...

CVSS 5.4 | AI score 6 | EPSS 0.00203
Exploits: 0 | References: 4

NVD
added 2026/04/01 3:22 p.m. | 2 views

CVE-2026-29598

Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...

CVSS 5.4 | EPSS 0.00203
Exploits: 0 | References: 3

Snyk
added 2026/04/01 6:35 a.m. | 6 views

Cross-site Scripting (XSS)

Overview: @holoviz/panel is a powerful data exploration & web app framework for Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the formatError function in panel/models/util.ts due to using String.replace without the global flag when escaping HTML...

CVSS 6.1 | AI score 5.7
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/01 6:18 a.m. | 3 views

CVE-2026-4748

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...

AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/01 6:18 a.m. | 5 views

CVE-2026-4748 pf silently ignores certain rules

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...

AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/01 12:0 a.m. | 3 views

PT-2026-29476

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...

AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 2

Cvelist
added 2026/04/01 12:0 a.m. | 21 views

CVE-2026-29598

Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...

EPSS 0.00203
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/01 12:0 a.m. | 5 views

PT-2026-29530

Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...

AI score 6 | EPSS 0.00203
Exploits: 0 | References: 4

CVE
added 2026/04/01 12:0 a.m. | 13 views

CVE-2026-29598

CVE-2026-29598 affects DDSN Interactive Acora CMS v10.7.1, with multiple stored XSS vulnerabilities in the submit_add_user.asp endpoint. The First Name and Last Name fields are injectable, allowing an attacker to have scripts/HTML executed in the context of the victim’s browser. The CVE entry spe...

CVSS 5.4 | AI score 6 | EPSS 0.00203
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/01 12:0 a.m. | 1 views

CVE-2026-29598

Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...

AI score 6 | EPSS 0.00203
Exploits: 0 | References: 3

CNNVD
added 2026/04/01 12:0 a.m. | 8 views

DDSN Interactive Acora CMS Security Vulnerability

DDSN Interactive Acora CMS is an enterprise network and mobile CMS provided by DDSN Interactive. Version 10.7.1 of DDSN Interactive Acora CMS contains a security vulnerability. This vulnerability stems from multiple stored XSS vulnerabilities present in the submit_add_user.asp endpoint. It could...

CVSS 5.4 | AI score 6.1 | EPSS 0.00203
Exploits: 0 | References: 3

Wired Threat Level
added 2026/03/31 9:25 p.m. | 3 views

Iran Threatens to Start Attacking Major US Tech Firms on April 1

Tech giants like Apple, Google, and Microsoft are among those on a target list released by Iran’s Islamic Revolutionary Guard Corps...

AI score 5.9
Exploits: 0

Wallarm Lab
added 2026/03/30 12:0 p.m. | 2 views

CISO Spotlight: Dimitris Georgiou on Building Security that Serves People First

Dimitris Georgiou has been a self-professed computer geek since the early 80s. At university, he studied the convergence of educational technology with computer science as part of his psychology MA – finding, to his disbelief, that systems were perilously insecure. Since then, he’s always worked ...

AI score 5.8
Exploits: 0

SUSE CVE
added 2026/03/28 12:27 a.m. | 2 views

SUSE CVE-2026-32691

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS 5.3 | AI score 5.9 | EPSS 0.00233
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/27 6:31 p.m. | 6 views

Undertow is Vulnerable to HTTP Request/Response Smuggling

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

CVSS 9.1 | AI score 5.9 | EPSS 0.00677
Exploits: 0 | References: 6 | Affected Software: 1