
3515 matches found

The Hacker News
added 2026/04/18 8:7 a.m., 7 views

[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data

In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI age...

5.8 AI score
Exploits: 0
Redos
added 2026/04/17 12:0 a.m., 3 views

ROS-20260417-73-0010

Vulnerability in pdns-recursor related to insufficient control of the resource during its existence. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.3 CVSS, 5.8 AI score, 0.00396 EPSS
Exploits: 0
Microsoft Secure
added 2026/04/16 4:0 p.m., 3 views

Building your cryptographic inventory: A customer strategy for cryptographic posture management

Post-quantum cryptography (PQC) is coming—and for most organizations, the hardest part won’t be choosing new algorithms. It will be finding where cryptography is used today across applications, infrastructure, devices, and services so teams can plan, prioritize, and modernize with confidence. At...

6 AI score
Exploits: 0
CNNVD
added 2026/04/15 12:0 a.m., 7 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google with a Dawn component to handle WebGPU related functions. A memory misreference vulnerability exists in the Dawn component of Google Chrome. The vulnerability stems from improper management of the lifecycle of specific objects in the Dawn compone...

8.3 CVSS, 5.8 AI score, 0.00251 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/04/15 12:0 a.m., 9 views

HCL AION security vulnerability

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from certain system behaviors that may allow exploration of internal file system structures, potentially leading to information leaks...

5.3 CVSS, 5.8 AI score, 0.00116 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2026/04/15 12:0 a.m., 0 views

Tripp Lite Discontinued Devices Detection

The current plugin identifies Tripp Lite devices that are currently discontinued. Tripp Lite Lifecycle Statuses: - Active: Product is currently available and supported. - Discontinued: Product no longer manufactured or procured.

5.5 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2026/04/15 12:0 a.m., 1 views

Tripp Lite Active Devices Detection

The current plugin identifies Tripp Lite devices that are still under active support. Tripp Lite Lifecycle Statuses: - Active: Product is currently available and supported. - Discontinued: Product no longer manufactured or procured.

5.5 AI score
Exploits: 0, References: 1
RedHat Linux
added 2026/04/13 11:16 a.m., 5 views

Important: Red Hat Security Advisory: gstreamer-plugins-base and gstreamer-plugins-good security update

An update for multiple packages is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

8.8 CVSS, 7.7 AI score, 0.00838 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/04/13 12:0 a.m., 1 views

Eaton End-of-Life Devices Detection

The current plugin identifies Eaton devices that are end-of-life, i.e., still supported but have a discontinued date announced. Eaton Lifecycle Statuses: - Active: Most current offering within a product category. - End of Life: Discontinued date announced - actively execute migrations and last ti...

5.6 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2026/04/13 12:0 a.m., 1 views

Eaton Active Devices Detection

The current plugin identifies Eaton devices that are still under active support. Eaton Lifecycle Statuses: - Active: Most current offering within a product category. - End of Life: Discontinued date announced - actively execute migrations and last time buys. Product generally orderable until the...

5.5 AI score
Exploits: 0, References: 1
NVD
added 2026/04/09 10:16 p.m., 2 views

CVE-2026-40111

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

9.3 CVSS, 0.00229 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/04/09 9:14 p.m., 16 views

CVE-2026-40111 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

9.3 CVSS, 0.00229 EPSS
Exploits: 1, References: 1
ATTACKERKB
added 2026/04/09 9:14 p.m., 1 views

CVE-2026-40111

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

9.3 CVSS, 6 AI score, 0.00229 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/04/09 9:14 p.m., 3 views

CVE-2026-40111

PraisonAIAgents memory/hooks.py allows OS command injection via a user-controlled string passed to subprocess.run() with shell=True before 1.5.128. No sanitization occurs, shell metacharacters are interpreted by /bin/sh, enabling execution of arbitrary commands. Two attack surfaces exist: pre_run...

9.3 CVSS, 6 AI score, 0.00229 EPSS
Exploits: 1, References: 1, Affected Software: 1
EUVD
added 2026/04/09 12:31 p.m., 11 views

EUVD-2026-20880

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

3.7 CVSS, 5.9 AI score, 0.00311 EPSS
Exploits: 0, References: 2
OSV
added 2026/04/09 12:31 p.m., 3 views

GHSA-X274-8QFC-HRGF Mattermost MS Teams plugin doesn't limit the request body size on the /lifecycle webhook endpoint

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

3.7 CVSS, 5.8 AI score, 0.00311 EPSS
Exploits: 0, References: 5
Snyk
added 2026/04/09 12:31 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /lifecycle webhook endpoint. An attacker can exhaust system memory and disrupt service availability by sending an oversized JSON payload. Remediation: Upgrade...

6.5 CVSS, 5.8 AI score, 0.00311 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2026/04/09 12:31 p.m., 7 views

Mattermost MS Teams plugin doesn't limit the request body size on the /lifecycle webhook endpoint

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

6.5 CVSS, 5.2 AI score, 0.00311 EPSS
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2026/04/09 11:16 a.m., 6 views

CVE-2026-21388

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

6.5 CVSS, 0.00311 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/09 10:9 a.m., 2 views

CVE-2026-21388

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

3.7 CVSS, 5.9 AI score, 0.00311 EPSS
Exploits: 0, References: 2