CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

PT-2026-46151

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

NSA GRASSMARLIN

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control...

BIT-NATS-2026-33216 NATS has MQTT plaintext password disclosure

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

Security Bulletin: Unrestricted Internet Access/Outbound Connections vulnerability found in CICS Transaction Gateway for Multiplatforms container (CVE-2026-0977)

Summary An Unrestricted Internet Access/Outbound Connections vulnerability affects the CICS Transaction Gateway for Multiplatforms container. CICS Transaction Gateway for Multiplatforms container has documented how to address the applicable vulnerability. Vulnerability Details CVEID:CVE-2026-0977...

CVE-2022-50924

Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with...

CVE-2022-50924 Private Internet Access 3.3 - 'pia-service' Unquoted Service Path

Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with...

CVE-2022-50924

CVE-2022-50924 affects Private Internet Access 3.3, specifically the pia-service unquoted service path. The unquoted path in the service configuration allows a local attacker to inject code that would run with LocalSystem privileges during service startup, enabling potentially arbitrary code exec...

CVE-2022-50924 Private Internet Access 3.3 - 'pia-service' Unquoted Service Path

Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with...

PT-2026-2400

Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with...

Private Internet Access 代码问题漏洞

Private Internet Access PIA is a VPN software from Private Internet Access, Inc. A code issue vulnerability exists in Private Internet Access PIA version 3.3, which stems from the presence of unquoted paths in the service configuration that could lead to the execution of arbitrary code by a local...

CVE-2025-12776

The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting XSS attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...

CVE-2019-20853

An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem...

CVE-2019-12578

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher.64 binary is setuid root. This binary executes /opt/pia/openvpn-64/openvpn, passing the...

CVE-2019-12573

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...

CVE-2019-12577

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The macOS binary openvpnlauncher.64 is setuid root. This binary creates /tmp/piaupscript.sh when executed...

How private is your VPN?

When you're shopping around for a Virtual Private Network VPN you'll find yourself in a sea of promises like "military-grade encryption!" and "total anonymity!" You can’t scroll two inches without someone waving around these fancy terms. But not all VPNs can be trusted. Some VPNs genuinely protec...

CVE-2022-50596

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within...

EUVD-2019-11390

Malware in sbrugna...

EUVD-2020-12686

Malware in sbrugna...