CVE-2026-33757

A flaw was found in OpenBao. A missing prompt for user confirmation when logging in via the JWT/OIDC authentication method with a role configured to use callbackmode=direct allows an attacker to initiate an authentication request and perform a "remote phishing" attack by tricking an authenticated...

openSUSE 15 Security Update : opera (openSUSE-SU-2025:0111-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2025:0111-1 advisory. - Update to 117.0.5408.163 DNA-120683 Issue back Sometimes onboarding is blank and useless DNA-121682 Backport fix for CVE-2025-2783 to O132, O133, GX132...

MongoDB Service Without Authentication Detection

MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without any authentication. A remote attacker can therefore connect to the database system in order to create, read, update, and delete documents, collections, and databases. T...

XSS vulnerability in invite-users-panel.vm [$i18n.getText('easyuser.send.invitations.email.placeholder', [$siteTitle]), line 37]

Panopticon http://panopticon.dyn.syd.atlassian.com/ has detected that the following file contains a XSS vulnerability. This vulnerability has been manually confirmed. File: confluence-plugins/confluence-bundled-plugins/confluence-easyuser-admin/src/main/resources/templates/invite-users-panel.vm...

Microsoft IIS 404 Response Service Pack Signature

The Patch level Service Pack of the remote IIS server appears to be lower than the current IIS service pack level. As each service pack typically contains many security patches, the server may be at risk. Note that this test makes assumptions of the remote patch level based on static return value...