CVE-2026-31798

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...

CVE-2026-31798 JumpServer Improper Certificate Validation in Custom SMS API Client

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...

EUVD-2026-12081

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...

CVE-2026-31798 JumpServer Improper Certificate Validation in Custom SMS API Client

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...

CVE-2026-31798 JumpServer Improper Certificate Validation in Custom SMS API Client

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...

EUVD-2026-11352

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

User Impersonation

Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to User Impersonation in the app registration process. An attacker can gain unauthorized access to sensitive API credentials by exploiting the ability to...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via an unbounded read of the HTTP response body during notarization. An attacker can exhaust system memory and cause a crash by supplying a maliciously large HTTP response body if the...

CVE-2026-2368

CVE-2026-2368 involves an improper certificate validation vulnerability in the Lenovo Filez application. The issue could allow an attacker capable of intercepting network traffic to achieve arbitrary code execution on affected systems. From the provided metrics, the vulnerability has a high impac...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-1068

CVE-2026-1068 concerns Lenovo Filez with an improper certificate validation flaw. The issue arises in the application’s handling of TLS certificates, allowing an attacker capable of intercepting network traffic (adjacent access) to potentially obtain sensitive user data. The vulnerability is clas...

CVE-2026-1068

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...

CVE-2026-1068

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...

CVE-2026-31960 DoS in Quill via unbounded read of HTTP response body during notarization

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

CVE-2026-31959 SSRF in Quill via unvalidated URL from Apple notarization log retrieval

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Agentic web browsers that leverage artificial intelligence AI capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to...

Shopware 安全漏洞

Shopware is a set of open-source e-commerce software developed by the German company Shopware GmbH. Versions prior to Shopware 6.6.10.15 and 6.7.8.1 contained security vulnerabilities. These vulnerabilities stemmed from defects in the application registration process, which could allow attackers ...

Vulnerability fixed in Microsoft Authenticator app

Microsoft has fixed a vulnerability in the Authenticator app for Android and iOS. A malicious party could exploit the vulnerability to gain access to sensitive data. Successful abuse requires the malicious party to trick the victim into installing a rogue app. This app can then be misused to...