CVE-2026-7312

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

CVE-2026-46257 clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock.

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when readcurrenttimer is called on ARM32 platforms where the SP804 is not registered as the schedclock. On SP804, the delay timer shares the same clkevt instance with schedclock. On so...

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

YIKES Inc. Custom Product Tabs for WooCommerce plugin \u003C= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...

GitLab CI Lint API - Server-Side Request Forgery

GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests, exploit requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...

All Thrive Themes and Plugins - Unauthenticated Option Update

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Learn more Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The...

CVE-2026-37233

FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eqxappricgenid in src/ric/iApp/xappricid.c compares m0-xappid against itself m0-xappid instead of the other argument m1-xappid, effectively ignoring the xApp identity dimension. A malicio...

CVE-2026-7313 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with...

CVE-2026-7312

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

CVE-2026-7312 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

[SECURITY] Fedora 44 Update: freeipa-4.13.1-12.fc44

IPA is an integrated solution to provide centrally managed Identity users, hosts, services, Authentication SSO, 2FA, and Authorization host access control, SELinux user roles, services. The solution provides features for further integration with Linux based clients SUDO, automount and integration...

PT-2026-45763

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with...

CVE-2024-52011

The CVE affects the launch-editor component used with Node.js in vite prior to version 2.9.0, where insufficient sanitization of the file argument in launchEditor allowed an attacker to execute arbitrary commands on Windows by supplying a filename with special characters. The issue is resolved in...

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in xmldom

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in xmldom. CVE-2026-34601 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-34601 DESCRIPTION: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...

Malicious code in @customer-threesixty/assets (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

aks-poc-setup

AKS Production-Grade POC Setup A comprehensive, production-re...

AgentRedBench: Dynamic Redteaming and Integration-Aware Defense for LLM Agents over SaaS Integrations

Indirect prompt injection in tool-use agents is a concrete production threat: LLM agents read from integrations third-party services such as Gmail, Salesforce, or Jira accessed through tool calls whose response content the user neither writes nor controls. Existing benchmarks under-measure the...

openSUSE 16 Security Update : apptainer (openSUSE-SU-2026:20834-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20834-1 advisory. Changes in apptainer: - Fix CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831, CVE-2026-42508, CVE-2026-39833,...

Exploit for Use After Free in Apache Http_Server

CVE-2019-0211 — Apache HTTP Server Local Privilege Escalation...

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...