PT-2026-6706
Name of the Vulnerable Software and Affected Versions: versions prior to 2026-24916. Description: An identity authentication bypass issue exists in the window module. Successful exploitation could compromise service confidentiality. Recommendations: At the moment, there is no information about a newe...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from an issue with excessive access to resources by the graphics...
Atlassian Confluence 7.19 < 8.5.31 / 8.6.x < 9.2.13 / 9.3.x < 10.2.2 (CONFSERVER-101872)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101872 advisory. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS HDC module, which can be exploited by an attacker to compromise confidentiality...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei HarmonyOS camera module, which stems from a lack of proper validation of user-supplied data by the...
PT-2026-6704
Name of the Vulnerable Software and Affected Versions: versions prior to 2026 affected versions not specified. Description: A use-after-free (UAF) concurrency vulnerability exists within the graphics module. Successful exploitation of this issue may impact system availability. Recommendations: At the...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A type confusion vulnerability exists in the Huawei HarmonyOS camera module, which can be exploited by an attacker to cause usability to be compromised...
PT-2026-6849
Summary: Critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error messages by injecting...
Atlassian Confluence 7.7.x < 8.5.31 / 8.6.x < 9.2.13 / 9.3.1 < 10.2.2 (CONFSERVER-101878)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101878 advisory. - Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry o...
PT-2026-6712
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: An issue exists in the print module related to improper permission control. Successful exploitation could compromise service confidentiality. Recommendations: At the moment, there is no information...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There are security vulnerabilities in Huawei HarmonyOS, which stem from improper standard security checks in the card module. These...
PT-2026-6703
Name of the Vulnerable Software and Affected Versions: versions prior to 2026-24929. Description: An out-of-bounds read issue exists in the graphics module. Successful exploitation could impact system availability. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-69215
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...
CVE-2025-15343 Tanium addressed an incorrect default permissions vulnerability in Enforce.
Tanium addressed an incorrect default permissions vulnerability in Enforce...
Infinite loop
Overview: @enclave-vm/core is a sandbox runtime for secure JavaScript code execution. Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that explo...
Infinite loop
Overview: enclave-vm is a sandbox runtime for secure JavaScript code execution. Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that exploit hos...
GHSA-X39W-8VM5-5M3P Sandbox escape via infinite recursion and error objects
Note: The npm package has moved to @enclave-vm/core (formerly enclave-vm). All fixed versions and guidance refer to @enclave-vm/core. Summary: The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...
Sandbox escape via infinite recursion and error objects
Note: The npm package has moved to @enclave-vm/core (formerly enclave-vm). All fixed versions and guidance refer to @enclave-vm/core. Summary: The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...
CVE-2026-0714
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...