3761 matches found

The Hacker News
added 5 days ago, 16 views

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of...

AI score 6
Exploits: 0

NVD
added 6 days ago, 10 views

CVE-2026-54105

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

CVSS 6.9, EPSS 0.003
Exploits: 0, References: 4

NVD
added 6 days ago, 8 views

CVE-2026-54106

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

CVSS 5.1, EPSS 0.00289
Exploits: 0, References: 4

NVD
added 6 days ago, 6 views

CVE-2026-54104

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

CVSS 8.8, EPSS 0.004
Exploits: 0, References: 4

NVD
added 6 days ago, 8 views

CVE-2026-54103

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

CVSS 9.8, EPSS 0.00427
Exploits: 0, References: 4

CVE
added 6 days ago, 16 views

CVE-2026-54106

CVE-2026-54106 affects the U.S. GAO EPDS and CBCA EDS login flow, where X-Forwarded-For headers are not validated. The underlying issue allows a remote attacker who has compromised administrator credentials to bypass network access controls and log in, potentially gaining access to restricted doc...

CVSS 5.1, AI score 5.3, EPSS 0.00289
Exploits: 0, References: 4

CVE
added 6 days ago, 20 views

CVE-2026-54105

CVE-2026-54105 affects the GAO EPDS and CBCA EDS systems. The vulnerability arises from the update-profile/ API endpoint, where a remote, unauthenticated attacker can supply an arbitrary user_id and receive a JSON response containing account-specific information, including the ...

CVSS 6.9, AI score 5.3, EPSS 0.003
Exploits: 0, References: 4

Cvelist
added 6 days ago, 17 views

CVE-2026-54104 U.S. GAO EPDS and CBCA EDS client-based privilege escalation

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

CVSS 8.8, EPSS 0.004
Exploits: 0, References: 4

EUVD
added 6 days ago, 8 views

EUVD-2026-37911

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

CVSS 8.8, AI score 5.2, EPSS 0.004
Exploits: 0, References: 4

ATTACKERKB
added 6 days ago, 6 views

CVE-2026-54103

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

CVSS 9.8, AI score 5.5, EPSS 0.00427
Exploits: 0, References: 5

EUVD
added 6 days ago, 8 views

EUVD-2026-37910

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

CVSS 9.8, AI score 5.4, EPSS 0.00427
Exploits: 0, References: 4

CVE
added 6 days ago, 15 views

CVE-2026-54103

CVE-2026-54103 affects GAO EPDS and CBCA EDS, where the /update-profile/N endpoint does not require authentication for password changes. The vulnerability allows a remote attacker to change an arbitrary user’s password without credentials. This result is supported by the CVSS data indicating high...

CVSS 9.8, AI score 5.4, EPSS 0.00427
Exploits: 0, References: 4

Cvelist
added 6 days ago, 26 views

CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

CVSS 9.8, EPSS 0.00427
Exploits: 0, References: 4

Circl
added last week, 6 views

CVE-2026-48142

creationtimestamp| type| source
---|---|---
2026-06-17 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1927
2026-06-17 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1929
2026-06-18 13:10:33+00:00| seen|...

CVSS 6.3, AI score 5.8, EPSS 0.00398
Exploits: 0, References: 4

Circl
added 2026/06/17 5:31 a.m., 8 views

CVE-2026-46934

creationtimestamp| type| source
---|---|---
2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8...

CVSS 7.5, AI score 4.9, EPSS 0.00311
Exploits: 0, References: 1

Circl
added 2026/06/17 5:31 a.m., 6 views

CVE-2026-46902

creationtimestamp| type| source
---|---|---
2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8
2026-06-18 01:07:10+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mojn7rmahc2l...

CVSS 9.8, AI score 4.9, EPSS 0.00473
Exploits: 0, References: 2

Circl
added 2026/06/17 5:31 a.m., 5 views

CVE-2026-46795

creationtimestamp| type| source
---|---|---
2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8
2026-06-18 12:07:16+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3moks3xavdc24...

CVSS 9.3, AI score 4.9, EPSS 0.00391
Exploits: 0, References: 2

Circl
added 2026/06/17 5:31 a.m., 7 views

CVE-2026-46919

creationtimestamp| type| source
---|---|---
2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8
2026-06-19 06:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3momoh54d4q2e...

CVSS 9.8, AI score 5.8, EPSS 0.00362
Exploits: 0, References: 2

Circl
added 2026/06/17 1:56 a.m., 7 views

CVE-2026-12444

creationtimestamp| type| source
---|---|---
2026-06-17 01:56:44+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-google-chrome-56
2026-06-21 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260622
2026-06-21 18:00:00+00:0...

CVSS 5.5, AI score 5.8, EPSS 0.00143
Exploits: 0, References: 3

Circl
added 2026/06/17 1:56 a.m., 8 views

CVE-2026-12448

creationtimestamp| type| source
---|---|---
2026-06-17 01:56:44+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-google-chrome-56
2026-06-21 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260622...

CVSS 8.8, AI score 5.8, EPSS 0.00255
Exploits: 0, References: 2