EUVD-2026-39699

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 = 5.5.6 versions...

CVE-2026-46607

CVE-2026-46607 describes an insecure deserialization vulnerability in Glances, where a version-check cache file (~/.cache/glances/glances-version.db) is loaded with pickle without validation. An attacker with write access to the cache path can introduce a malicious pickle and achieve arbitrary co...

PT-2026-49518

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

CVE-2026-5513

creationtimestamp| type| source ---|---|--- 2026-06-13 18:01:43+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mo6tilwrx22o 2026-06-14 06:01:57+00:00| seen| https://infosec.exchange/users/offseq/statuses/116746932965862347 2026-06-14 06:02:36+00:00| seen|...

CVE-2026-45060

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progressvideo.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patch...

CVE-2026-45328

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

PT-2026-48791

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progress video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been...

CVE-2026-26239

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...

CVE-2026-24720

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

CVE-2026-45328 ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from issues with the security service wrapper component in the esptee module, which...

CVE-2026-45286 Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...

CVE-2026-37470

An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...

Security Bulletin: Vault Terraform Provider Incorrect Defaults for LDAP Auth Method, Resulting in Insecure Configuration and Potential Authentication Bypass

Summary Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in...

Security update for openssh

This update for openssh fixes the following issues Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise Micro for Rancher 5.3...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021488)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021488 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for...

EUVD-2026-30301

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities

The UK's AI Security Institute evaluated GPT-5.5's ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute's evaluation of Mythos. And here is an analysis of a smaller, cheaper model. It...

CVE-2022-50955

creationtimestamp| type| source ---|---|--- 2026-05-10 15:11:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlj2ackmlb2r...

python-tornado security update

6.5.5-1.1 - Update to 6.5.5 Resolves: RHEL-160934...