1340 matches found
EUVD-2025-206854
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...
UBUNTU-CVE-2026-23046
In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree. Initial rss_hdr allocation uses virtio_device->device, but virtnet_set_queues frees using net_device->device. This device mismatch causing below devres warning 3788.514041...
CVE-2026-24449
For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information...
Commvault Initial Administrator Login Process Vulnerability
An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. id:...
EUVD-2026-5271
For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information...
PT-2026-6194
Name of the Vulnerable Software and Affected Versions: WRC-X1500GS-B, WRC-X1500GSA-B. Description: The initial passwords for the devices can be easily calculated from system information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
CVE-2026-1701
A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...
XAMPP and PHPMyAdmin Web Security Research Playbook
This is a comprehensive security testing guide for XAMPP services. It follows a structured approach: 1) Reconnaissance and Information Gathering, 2) Initial Access Attempts, 3) Post-Authentication Exploitation. Each scenario includes realistic commands and expected outcomes for professional security...
CVE-2026-24429
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated acce...
MiracleLinux 8 : mutt-2.0.7-1.el8 (AXSA:2021-2863:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2863:01 advisory. mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection (CVE-2020-28896) mutt:...
MiracleLinux 8 : edk2-20220126gitbb1bba3d77-13.el8_10.2 (AXSA:2024-8666:08)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8666:08 advisory. edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236) edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237) edk2: Temporary DoS...
MiracleLinux 9 : edk2-20231122-6.el9_4.2 (AXSA:2024-8600:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8600:07 advisory. EDK2: integer overflow in CreateHob could lead to HOB OOB R/W (CVE-2022-36765) edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236) edk2: Use...
MiracleLinux 7 : ntp-4.2.6p5-25.1.0.1.el7.AXS7 (AXSA:2017-1296:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1296:01 advisory. The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which...
UAT-8837 targets critical infrastructure sectors in North America
Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor based on overlaps in tactics, techniques, and procedures (TTPs) with those of other known China-nexus threat actors. Based on UAT-8837's TTPs and...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002248)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002248 advisory. The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a deni...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002100)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002100 advisory. Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows...