3027 matches found
CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials
3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...
The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I...
CVE-2025-59902
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
CVE-2025-59902 HTML injection in NICE Chat
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
CVE-2025-59902
CVE-2025-59902 is an HTML-injection vulnerability in NICE Chat. Attacker-controlled input in firstName/lastName can inject HTML into email transcripts, enabling phishing or impersonation. Affected information is shared across multiple vendors (NVD, Red Hat, EU ENISA, CVE lists) with no explicit v...
How to Film ICE
Filming federal agents in public is legal, but avoiding a dangerous—even deadly—confrontation isn’t guaranteed. Here’s how to record ICE and CBP agents as safely as possible and have an impact...
CVE-2026-25210
creationtimestamp | type | source
---|---|---
2026-01-30 09:39:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdmz2gf4qx2t
2026-01-31 12:47:51+00:00 | seen | https://seclists.org/oss-sec/2026/q1/136
2026-01-31 14:25:16+00:00 | seen | ...
EUVD-2025-206432
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...
GO-2026-4342 Excessive CPU consumption when building archive index in archive/zip
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005084)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005084 advisory. In the Linux kernel, the following vulnerability has been resolved: "ext4: make sure the first directory block is not a hole". The syzbot constructs a directory that ha...
CVE-2020-36960
Forma LMS 2.3 contains a stored cross-site scripting (XSS) vulnerability in the user profile first/last name fields. An attacker can inject scripts (e.g., ) that execute when other users view the profile. Connected sources provide CVSS scores (4.0: 5.1 / MEDIUM; 3.1: 6.4 / MEDIUM) and confirm the v...
CVE-2020-36960 Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like 'alertdocument.cookie' to execute arbitrary JavaScript when the profile is viewed by other users...
CVE-2020-36960
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '' to execute arbitrary JavaScript when the profile is viewed by other users...
Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.18.1
cert-manager Operator for Red Hat OpenShift 1.18.1 The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to...
Apple Security Update: iOS 15.8.6 and iPadOS 15.8.6
Apple recommends installing the security update iOS 15.8.6 and iPadOS 15.8.6 on the following devices: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)...
SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0235-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0235-1 advisory. Security issues: - CVE-2025-46394: Fixed tar hidden files via escape sequence CVE-2025-46394, bsc1241661 -...