1340 matches found
New Search Experience for Veeam Data Cloud for Microsoft 365
Purpose We are excited to announce the initial rollout of our new search feature, designed to significantly improve the speed and efficiency of your search experience. Below are the details and important limitations to be aware of during this phased rollout. What's New Faster Search Experience Ou...
CVE-2026-33039
WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location heade...
CVE-2023-43010
A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server,...
GHSA-GFGR-6HRJ-85WW Juju affected by timing ownership claim attack on new external back-end secrets
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...
SUSE CVE-2026-23247
In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 "secure_seq: downgrade to per-host timestamp offsets" tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...
GHSA-QWXP-6QF9-WR4M PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
The /download endpoint validates only the initial URL provided by the user using validateDownloadURL to prevent requests to internal or private network addresses. Exploitation requires security.allowDownload=true, which is disabled by default. However, pages loaded by the embedded Chromium brows...
CVE-2026-32691
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...
The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report
The predictive window has collapsed. In 2025, high-impact vulnerabilities weren’t quietly accumulating risk. They were operationalized, and often within days. Today, Rapid7 Labs released the 2026 Global Threat Landscape Report, an in-depth analysis of how attacker behavior is evolving across...
Malicious code in initial-path32 (npm)
Source: amazon-inspector 71e77f0ff5d620fe6b79ce6c0ba799edb94b5ec3b8eea98b7da903d2f70e9c86 The package initial-path32 was found to contain malicious code...
MAL-2026-1749 Malicious code in initial-path32 (npm)
Source: amazon-inspector 71e77f0ff5d620fe6b79ce6c0ba799edb94b5ec3b8eea98b7da903d2f70e9c86 The package initial-path32 was found to contain malicious code...
Malicious code in initial-path21 (npm)
Source: amazon-inspector 9016e70b5df975a1a657b63786d763547450ae6c1899e11e100eb25ba0fe1392 The package initial-path21 was found to contain malicious code...
MAL-2026-1748 Malicious code in initial-path21 (npm)
Source: amazon-inspector 9016e70b5df975a1a657b63786d763547450ae6c1899e11e100eb25ba0fe1392 The package initial-path21 was found to contain malicious code...
Malicious code in aboba-initial (npm)
Source: amazon-inspector c2bc49e5fcbf02e59b7bcf6e398b57d9376722e9836dc06141e4b1fbeac1cb1f The package aboba-initial was found to contain malicious code...
MAL-2026-1645 Malicious code in aboba-initial (npm)
Source: amazon-inspector c2bc49e5fcbf02e59b7bcf6e398b57d9376722e9836dc06141e4b1fbeac1cb1f The package aboba-initial was found to contain malicious code...
EUVD-2026-12810
In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 "secure_seq: downgrade to per-host timestamp offsets" tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...
CVE-2026-32691
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...
UBUNTU-CVE-2026-23247
In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 "secure_seq: downgrade to per-host timestamp offsets" tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...
CVE-2026-23247
In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 "secure_seq: downgrade to per-host timestamp offsets" tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...
CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 "secure_seq: downgrade to per-host timestamp offsets" tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...
PT-2026-26190
The /download endpoint validates only the initial URL provided by the user using validateDownloadURL to prevent requests to internal or private network addresses. Exploitation requires security.allowDownload=true, which is disabled by default. However, pages loaded by the embedded Chromium browse...