5873 matches found
IBM Concert 代码问题漏洞
IBM Concert is a new tool developed by the American international business machine IBM. It utilizes generative AI to assist in managing complex cloud-native applications. Versions 1.0.0 to 2.1.0 of IBM Concert contain code vulnerabilities that are susceptible to server-side request forgeing...
Atlassian Jira Service Management Data Center and Server 5.12.0 < 5.12.26 / 5.13.x < 10.3.16 (JSDSERVER-16499)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16499 advisory. - Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition'...
The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era
As the agentic era reshapes security operations, leaders face a strategic inflection point: legacy security information and event management SIEM solutions and fragmented toolchains can no longer keep pace with the scale, speed, and complexity of modern cyberthreats. Organizations can choose to...
The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era
As the agentic era reshapes security operations, leaders face a strategic inflection point: legacy security information and event management SIEM solutions and fragmented toolchains can no longer keep pace with the scale, speed, and complexity of modern cyberthreats. Organizations can choose to...
IBM Concert Access Control Error Vulnerability (CNVD-2026-13787)
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. An Access Control Error vulnerability exists in IBM Concert that stems from a failure to disable a session after logging out, which could be exploited ...
Improper Authentication
Overview @capgo/capacitor-native-biometric is a This plugin gives access to the native biometric apis for android and iOS Affected versions of this package are vulnerable to Improper Authentication via the onAuthenticationSucceeded function. An attacker can gain unauthorized access by hooking and...
@authnlabs/authn (>=1.0.10 <=1.0.18), @s-ui/sui-tool-app (>=1.5.0 <=1.27.0) potentially affected by unknown CVE via @capgo/capacitor-native-biometric (>=5.1.1 <=6.0.4)
@capgo/capacitor-native-biometric NPM version =5.1.1, =1.0.10, =1.5.0, =1.27.0 Source cves: unknown CVE Source advisory: OSV:GHSA-VX5F-VMR6-32WF...
cap-go/capacitor-native-biometric Authentication Bypass
There is a potential issue with the cap-go/capacitor-native-biometric library. --- Summary The cap-go/capacitor-native-biometric library was found to be subject to an authentication bypass as the current implementation of the onAuthenticationSucceeded does not appear to handle a...
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Dock...
openSUSE 16 Security Update : golang-github-prometheus-prometheus (openSUSE-SU-2026:20177-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20177-1 advisory. Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of...
React Native Community CLI Server API Node.js Package 4.8.0 < 20.0.0 Remote Code Execution (CVE-2025-11953)
The version of the React Native Community CLI Server API Node.js Package installed on the remote host is 4.8.0 prior to 20.0.0. It is, therefore, affected by a remote code execution vulnerability: - The Metro Development Server, which is opened by the React Native Community CLI, binds to external...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-11953link is external React Native Community CLI OS Command Injection Vulnerability CVE-2026-24423link is external SmarterTools SmarterMail Missing...
React Native Community CLI OS Command Injection Vulnerability
React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute...
Rapid7 vs. Hive Pro: A Head-to-Head Comparison
See how Rapid7 and Hive Pro compare in features, setup, pricing, and threat intelligence to help you choose the right threat exposure management platform. Threat intelligence and Business context are the secret sauces that transform vulnerability management from a frantic game of whack-a-mole int...
React Native Community CLI remote command execution
Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...
Post-Quantum Identity-Based TLS for 5G Service-Based Architecture and Cloud-Native Infrastructure
Cloud-native application platforms and latency-sensitive systems such as 5G Core networks rely heavily on certificate-based Public Key Infrastructure PKI and mutual TLS to secure service-to-service communication. While effective, this model introduces significant operational and performance...
React Native Community CLI remote command execution
Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...
Security update for glibc
This update for glibc fixes the following issues: Security fixes: CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow bsc1256766. CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in nssdnsgetnetbyaddrr bsc1256822...
CVE-2026-24070
During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...
CVE-2026-24071
It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses xpcconnectiongetpidarg2 as argument f...