285898 matches found
UBUNTU-CVE-2026-11386
An input validation and injection vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client constructs APT source files such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents using data received directly from the contract server response via...
CVE-2026-62241
clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...
FreeBSD Released the Most Security Advisories in Project History in June 2026
On average, the FreeBSD security team releases about 2 security advisories per month. AI has changed this. In April, the project released 8 advisories, with 6 powered by AI. In May, the count decreased slightly to 7. Today I took a look at the FreeBSD Security Advisory page to check the latest...
EUVD-2026-45063
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
EUVD-2026-45060
Improper neutralization of input during web page generation 'cross-site scripting' in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-62241
CVE-2026-62241 affects the clawvet self-hosted API server (apps/api) prior to 0.7.5. The vulnerability arises from a hard-coded fallback JWT secret ('clawvet-dev-secret-change-me') implemented in auth.ts and shipped as the default in .env.example. Because GET /api/v1/scans returns scan records co...
CVE-2026-62241
clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...
CVE-2026-62241 clawvet < 0.7.5 Hard-coded JWT Secret Session Forgery
clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...
EUVD-2026-45085
clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...
PT-2026-60649
clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...
ACR Stealer: Two observed intrusion chains amid increased threat activity
In this article 1. Campaign 1: WebDAV-based ClickFix with Python loaders and blockchain C2 2. Campaign 2: MSHTA-initiated PowerShell chain with steganographic payload delivery 3. Mitigation and protection guidance 4. References 5. Learn more From late April 2026 to mid-June 2026, Microsoft Defend...
Exploit for CVE-2026-58457
CVE-2026-58457 - Unauthenticated OS Command Injection in Shenz...
CVE-2026-58643
Improper neutralization of input during web page generation 'cross-site scripting' in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-62826
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45334
Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the content-locking feature returned lock information without checking the requesting user's access permissions. Kirby's Panel includes a content-locking feature that records which user currently has a model...
CVE-2026-62826
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-62826
CVE-2026-62826 affects Microsoft SharePoint Server where improper neutralization of input during web page generation enables an authorized attacker to spoof over a network. The NVD entry (CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N, base score 4.6) confirms cross-site scripting vulnerability wi...
CVE-2026-62826 Microsoft SharePoint Server Spoofing Vulnerability
...
CVE-2026-58643
Improper neutralization of input during web page generation 'cross-site scripting' in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-58643
CVE-2026-58643 describes an improper neutralization of input during web page generation (XSS) in Windows Admin Center, enabling spoofing over a network. Affected component: Windows Admin Center frontend/web page rendering. Root cause: inadequate input handling during page generation. Impact: netw...