OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php

Summary A privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling modules/utenti/actions.php. This can promote an existing account e.g. agent into the Amministratori group as well as demot...

OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter

Summary Multiple Reflected Cross-Site Scripting XSS vulnerabilities in OpenSTAManager v2.9.8 allow unauthenticated attackers to execute arbitrary JavaScript code in the context of other users' browsers through crafted URL parameters, potentially leading to session hijacking, credential theft, and...

CVE-2026-1874

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allo...

CVE-2026-1874 Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module and Ethernet module

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allo...

CVE-2026-1874

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allo...

MAL-2026-1167 Malicious code in @global-dax-ad-platform/dax-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8eb4c0cce0e997a5ceaf51dd24ec685c500bbfe904265afdce79bb5b2f7e0033 The package @global-dax-ad-platform/dax-modules was found to contain malicious code. Source: ghsa-malware...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15 contained a security vulnerability caused by improper execution of...

Oracle Linux 9 : python-pyasn1 (ELSA-2026-3359)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3359 advisory. 0.4.8-7 - Resolves: RHEL-148154 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

Oracle Linux 10 : python-pyasn1 (ELSA-2026-3354)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3354 advisory. 0.6.2-1 - Update to 0.6.2 - Update modules to 0.4.2 Resolves: RHEL-148142 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVE-2026-0655

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...

CVE-2026-0655

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...

EUVD-2026-9217

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...

CVE-2026-0655

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...

CVE-2026-0655

CVE-2026-0655 affects TP-Link Deco BE25 v1.0 (web modules) up to 1.1.1 Build 20250822. The issue is an improper limitation of a pathname to a restricted directory (path traversal) that allows an authenticated adjacent attacker to read arbitrary files or cause a denial of service. CVSS details ind...

PT-2026-22662

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...

ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +4524 more potentially affected by unknown CVE via tools.jackson.core:jackson-core (>=3.0.0 <=3.1.0-rc1)

tools.jackson.core:jackson-core MAVEN version =3.0.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.2, =0.1.0, =0.1.0, =0.7.6, =0.7.17 and more Source cves: unknown CVE Source...

CVE-2026-21619 Unsafe Deserialization of Erlang Terms in hex_core

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

PT-2026-22343

Name of the Vulnerable Software and Affected Versions Centreon Open Tickets versions prior to 25.10 Centreon Open Tickets versions prior to 24.10 Centreon Open Tickets versions prior to 24.04 Description An improper input validation issue exists in Centreon Open Tickets on Central Server on Linux...

Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking

Jailbreak techniques for large language models LLMs evolve faster than benchmarks, making robustness estimates stale and difficult to compare across papers due to drift in datasets, harnesses, and judging protocols. We introduce JAILBREAK FOUNDRY JBF, a system that addresses this gap via a...

be.yildiz-games:module-database-pool-c3p0 (=1.0.1), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.97.0) +108 more potentially affected by CVE-2026-27830 via com.mchange:c3p0 (>=0.10.0-pre2 <=0.11.2)

com.mchange:c3p0 MAVEN version =0.10.0-pre2, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =4.1.2, =3.4.5, =5.0.4, =6.0.3 and more Source cves: CVE-2026-27830 Source advisory: OSV:GHSA-5476-XC4J-RQCV...