5094 matches found
CVE-2026-20046
CVE-2026-20046 affects Cisco IOS XR Software. The vulnerability stems from an incorrect mapping of a CLI command to task groups, allowing an authenticated, low-privileged local attacker to bypass task group checks and elevate privileges to full administrative control. Impact stated as privilege e...
Cisco IOS XR Permissions and Access Control Vulnerability
Cisco IOS XR is an operating system developed by the American company Cisco for its network devices. Cisco IOS XR has vulnerabilities related to permissions and access control. These vulnerabilities stem from errors in the mapping of commands to task groups in the source code, which can...
OpenEMR Cross-Site Scripting Vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...
D-SLAMSpoof: An Environment-Agnostic LiDAR Spoofing Attack Using Dynamic Point Cloud Injection
In this work, we introduce Dynamic SLAMSpoof (D-SLAMSpoof), a novel attack that compromises LiDAR SLAM even in feature-rich environments. The attack leverages LiDAR spoofing, which injects spurious measurements into LiDAR scans through external laser interference. By designing both spatial injectio...
PT-2026-24729
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups...
sql-injection-corpus
SQL Injection Corpus - User Guide Overview This corpus con...
EUVD-2026-10499
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, in applications using Spring Security, due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-23674
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
GPS Attacks Near Iran Are Wreaking Havoc on Delivery and Mapping Apps
Delivery apps are glitching and navigation routes are changing abruptly thanks to electronic warfare disrupting the satellite signals that power everything from missiles to your ride home...
From Shadow Models to Audit-Ready AI Security: A Practical Path with Qualys TotalAI
Key Takeaways AI security demands a paradigm shift, treating models, endpoints, and integrations as dynamic attack surfaces requiring continuous governance. Inventory-driven visibility is foundational to managing AI sprawl, uncovering hidden assets, and aligning security with innovation velocity...
CVE-2025-41759
An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...
CVE-2026-27777
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-27027
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-27770
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
EUVD-2026-10041
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
EUVD-2026-10036
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-27027 Everon api.everon.io Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-27027
Technical details about CVE-2026-27027 are not publicly available in the provided documents. Monitor for updates from listed sources; none of the connected records disclose affected products, versions, root cause, or fixes.