PT-2026-24830

CVE-2026-0940 A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitra… https://t.co/vBlwyEDw2P...

Lenovo ThinkPad 安全漏洞

Lenovo ThinkPad is a portable computer by Lenovo Corporation. The Lenovo ThinkPad has a security vulnerability, which stems from improper initialization issues in the BIOS of certain ThinkPads. This vulnerability may allow local privileged users to modify data and execute arbitrary code...

📄 Nginx UI 2.3.3 Unauthenticated Backup Disclosure / Decryption

This Python proof‑of‑concept demonstrates an unauthenticated information disclosure vulnerability in Nginx UI tracked as CVE-2026-27944. The vulnerability allows a remote attacker to access the /api/backup endpoint without authentication and retrieve a backup archive of the server configuration...

Moderate: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

EUVD-2026-10702

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

CVE-2026-2742

Summary of CVE-2026-2742 : Vaadin flow-server contains an authentication bypass via the /VAADIN endpoint when accessed without a trailing slash, allowing unauthenticated users to trigger framework initialization and create sessions. Affected products/versions include Vaadin 14.0.0–14.14.0, 23.0.0...

ALSA-2026:4188 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Stack-based Buffer Overflow in gnutlspkcs11tokeninit Function CVE-2025-9820 gnutls: GnuTLS: Denial of Service vi...

PT-2026-24338

Name of the Vulnerable Software and Affected Versions Azure Entra ID affected versions not specified Description An issue exists in Azure Entra ID where external initialization of trusted variables or data stores can allow an unauthorized attacker to elevate privileges locally. Recommendations At...

EulerOS 2.0 SP13 : gnutls (EulerOS-SA-2026-1275)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function that handles PKCS11 token initialization. When a token...

PT-2026-24206

Name of the Vulnerable Software and Affected Versions Vaadin versions 14.0.0 through 14.14.0 Vaadin versions 23.0.0 through 23.6.6 Vaadin versions 24.0.0 through 24.9.7 Vaadin versions 25.0.0 through 25.0.1 Description An authentication bypass issue exists in applications using Spring Security...

PT-2026-24341

Name of the Vulnerable Software and Affected Versions Coral Server versions prior to 1.1.0 Description Coral Server is an open collaboration infrastructure designed for communication, coordination, trust, and payments within The Internet of Agents. Before version 1.1.0, the software permitted the...

CVE-2026-26122

Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network...

EUVD-2018-21638

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...

CVE-2018-25184 Surreal ToDo 0.6.1.2 Local File Inclusion via index.php

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...

CVE-2018-25178

CVE-2018-25178 affects Easyndexer 1.0 and describes an arbitrary file download vulnerability in showtif.php. The issue allows unauthenticated attackers to download sensitive files by sending POST requests with arbitrary file paths in the file parameter, enabling access to configuration and initia...

CVE-2024-57854

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...