CVE-2026-53909 Arbitrary File Upload in MCO
MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...
CVE-2026-53905 Unauthorized Access to Administrator ACL View in MCO
MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated, low-privileged user can retrieve administrator access control structures without proper authorization checks. This may expose sensitive...
2026 Cybersecurity Assessment: The Gap Between Awareness and Resilience
Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybersecurity Assessment confirms this is the case, as this year's findings reveal a series of surprising contradictions. Here...
FOSSBilling - Server-Side Template Injection
A Server-Side Template Injection (SSTI) vulnerability exists in FOSSBilling's template rendering system. Administrators with access to features that render Twig templates (email templates, mass mail campaigns, custom payment adapters, and the stringrender API endpoint) can inject arbitrary Twig...
Know_Your_Customer_Adverse_Media_Check_BFSI_POC
CITADEL-Governed ADIB AMC Starter PoC This repository is a VM...
CVE-2026-56016
A flaw was found in perl-CGI-Session. This vulnerability allows a remote attacker to predict session identifiers due to the use of low-entropy sources in the generateid method. By predicting a session identifier, an attacker can impersonate a user's session, leading to a bypass of authentication...
Papa Johns Surveillance-Based Advertising
Papa Johns is spying on people's buying activities to predict when they are low on food: The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they're low on groceries--and thus more likely to be swayed by a mouth-watering...
Gorse < 0.5.10 - Unauthenticated Database Dump
Gorse 0.5.10 contains an authentication bypass caused by an empty adminapikey in the /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data; exploitation requires the default empty adminapikey configuration. id: CVE-2026-56782 info: name: Gorse 0.5.10 -...
RHSA-2026:33635 Red Hat Security Advisory: libxml2 security update
Bulletin has no description...
RHSA-2026:33633 Red Hat Security Advisory: libxml2 security update
Bulletin has no description...
RHSA-2026:33634 Red Hat Security Advisory: libxml2 security update
Bulletin has no description...
RHSA-2026:33632 Red Hat Security Advisory: libxml2 security update
Bulletin has no description...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.36 security and extras update
Red Hat OpenShift Container Platform release 4.19.36 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.65 packages and security update
Red Hat OpenShift Container Platform release 4.16.65 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
0day-Rubbish
0day Rubbish 0day vulnerabilities have become rubbish in...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.65 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.65 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Uptime-Kuma < v1.23.0 - Improper Access Control
Uptime-Kuma before v1.23.0 is vulnerable to an information disclosure issue due to missing authorization on the /api/badge/1/ping/24 endpoint. An unauthenticated attacker can access this endpoint to leak ping statistics, such as average ping and ping history, for existing monitors without needing...
CVE-2026-56016
CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from an MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...