86552 matches found
EUVD-2026-43922
Improper privilege management in Windows Group Policy allows an authorized attacker to elevate privileges locally...
CVE-2026-50391
Improper privilege management in Windows Group Policy allows an authorized attacker to elevate privileges locally...
Vulnerabilities in Microsoft Windows
Microsoft has fixed a very large number of vulnerabilities in Windows. A malicious actor could exploit these vulnerabilities to carry out attacks that could result in the types of damage listed in the table below. The most serious vulnerabilities have the following identifiers: CVE-2026-49172,...
GHSA-QW5R-PPCG-F8RJ MKP: Unbounded Pod Log Read via Attacker-Controlled `limitBytes`/`tailLines` Causes Memory Exhaustion
Unbounded Pod Log Read via Attacker-Controlled limitBytes/tailLines Causes Memory Exhaustion Summary The MKP Model Context Protocol for Kubernetes server exposes a getresource MCP tool that proxies Kubernetes pod log requests. User-supplied limitBytes and tailLines parameters are parsed as...
How Qualys ETM Identity Detects Identity-Based Attacks Faster
Key Takeaways Identity-based attacks are among the fastest and most effective intrusion methods because valid credentials let attackers operate as trusted users. Techniques like Pass-the-Hash, Kerberoasting, Domain Controller Synchronization DCSync, and Authentication Server Response Roasting...
CVE-2026-50391 Windows Group Policy Elevation of Privilege Vulnerability
...
CVE-2026-50391 Windows Group Policy Elevation of Privilege Vulnerability
...
CVE-2026-50391
Improper privilege management in Windows Group Policy allows an authorized attacker to elevate privileges locally...
Security Bulletin: Multiple vulnerabilities found in CICS Transaction Gateway for Multiplatforms
Summary Multiple vulnerabilities have been found in CICS Transaction Gateway for Multiplatforms due to the use of Apache Tomcat Embed, Spring Web MVC, Spring Boot, Spring Core, Spring Context, Spring Beans and Logback Core. The Apache Tomcat Embed, Spring Web MVC, Spring Boot, Spring Core, Spring...
Security Bulletin: Multiple vulnerabilities found in CICS Transaction Gateway Desktop Edition.
Summary Multiple vulnerabilities have been found in CICS Transaction Gateway Desktop Edition due to the use of Apache Tomcat Embed, Spring Web MVC, Spring Boot, Spring Core, Spring Context, SnakeYAML, Spring Beans, Logback Classic and Logback Core. The Apache Tomcat Embed, Spring Web MVC, Spring...
Windows Group Policy Elevation of Privilege Vulnerability
Improper privilege management in Windows Group Policy allows an authorized attacker to elevate privileges locally...
Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows Security Bulletin for CVE-2026-53565 and CVE-2026-53566
Severity - High Description of Problem Vulnerabilities have been discovered in the Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client. Refer to the information below for further details: Affected Versions: The following supported versions of Citrix Secure Access Client fo...
Security Bulletin: Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a...
ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting XSS by providing untrusted input to the Address6 constructor. When an application renders the output of...
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks
Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separate addresses...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
Security update for afterburn
This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. CVE-2026-41677: openssl: out-of-bounds read in PEM password...
Security update for afterburn
This update for afterburn fixes the following issues: Update to version 5.10.0.git73.b97f772. Security issues fixed: CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. CVE-2026-41677: openssl: out-of-bounds read in PEM password...
Security update for afterburn
This update for afterburn fixes the following issues: Update to version 5.10.0.git73.b97f772. Security issues fixed: CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. CVE-2026-41677: openssl: out-of-bounds read in PEM password...