PT-2026-41247

An out of bounds write within the AMD Platform Management Framework PMF could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability...

PT-2026-41248

Improper input validation within the AMD Platform Management Framework PMF could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality...

PT-2026-41250

An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution...

Security Updates for Microsoft .NET Framework (May 2026)

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Note that Nessus has not tested...

oinone-pamirs 代码注入漏洞

Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a code injection vulnerability. This vulnerability stems from the ScriptRunner.run method in the ScriptRunner component evaluating scripts controlled by the attack...

PT-2026-41230

An improper input validation vulnerability within the AMD Platform Management Framework PMF driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash...

Spring Framework 5.3.x < 5.3.48 / 6.1.x < 6.1.27 / 6.2.x < 6.2.18 / 7.0.x < 7.0.7 Multiple DoS

The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.48, 6.1.x prior to 6.1.27, 6.2.x prior to 6.2.18, or 7.0.x prior to 7.0.7. It is, therefore, affected by multiple vulnerabilities: - A WebFlux server application that processes multipart requests creates temp files...

STRIKE: A Structured Taxonomy of Cybercrime for Risk, Impact, Knowledge, and Evolution

Cybercrime has grown exponentially in both scale and sophistication, posing significant threats. As attack methods evolve rapidly, traditional classification schemes often fail to capture the complexity and diversity of modern threats. To address this gap, we introduce STRIKE,a Structured Taxonom...

NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...

CVE-2026-45028

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...

CVE-2026-44458

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

CVE-2026-42598

Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible to request paths such as http://localhost:8080/c:/Windows/System32/drivers/etc/hosts and have the...

CVE-2026-42598

CVE-2026-42598 affects Pode, a cross‑platform PowerShell web framework. From version 2.4.0 up to, but not including, 2.13.0, the Static Route content fetch could be abused to perform a directory traversal (e.g., requesting http://localhost:8080/c:/Windows/System32/drivers/etc/hosts) and return lo...

EUVD-2026-30351

Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible to request paths such as http://localhost:8080/c:/Windows/System32/drivers/etc/hosts and have the...

Session Fixation

org.apache.wicket, wicket-auth-roles is vulnerable to a session fixation. The vulnerability is due to the missing invocation of the Servlet HTTP request method changeSessionId after session binding, which allows an attacker to exploit session fixation by reusing a predefined session ID to hijack ...

CVE-2026-44516

Valtimo (versions 12.4.0–12.33.0 and 13.26.0) contains a vulnerability in the web module where the LoggingRestClientCustomizer intercepts outgoing HTTP calls via Spring RestClient and logs full request/response bodies and headers. When errors occur, this data can appear in HttpClientErrorExceptio...

CVE-2026-44374

Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless o...

CVE-2026-44374

Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless o...

EUVD-2026-30295

Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless o...