CVE-2026-43625

CodexBar vulnerability CVE-2026-43625 affects versions prior to 0.32.0. Affected component: CodexBar session handling for Amp and Ollama provider sessions. Root cause: improper redirect handling allows an on-path attacker to observe imported browser session cookies in cleartext HTTP requests when...

CVE-2026-48249

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobilelogin.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the mobile RouteMate login flow. An attacker positioned on the...

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in incs/login.inc.php,...

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in the ajax/reports.php file...

PT-2026-42526

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT SSL VERIFYPEER to false and not setting CURLOPT SSL VERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker...

CVE-2026-38740

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

GHSA-R727-5PF6-47R2 Elastic Package Registry has Improper Verification of Cryptographic Signature

Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing close...

PT-2026-35818

Name of the Vulnerable Software and Affected Versions Elastic Package Registry affected versions not specified Description Improper Verification of Cryptographic Signature occurs in the Elastic Package Registry. This issue allows an attacker who can intercept network traffic or influence the...

ConnectWise Automate 安全漏洞

ConnectWise Automate is a cloud-based local IT automation solution provided by the American company ConnectWise. This product supports functions such as content management, file sharing, and IT asset tracking and management. There is a security vulnerability in ConnectWise Automate, which stems...

Flowise: Password Reset Link Sent Over Unsecured HTTP

Summary: The password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle MITM attack, where an attacker on the same network as the user e.g., public Wi-Fi can intercept...

CVE-2026-5363

TP-Link Archer C7 v5/v5.8 (uhttpd) is affected by CVE-2026-5363 due to inadequate encryption strength: the admin password is encrypted client-side with RSA-1024 before login, allowing an adjacent attacker to brute-force or factor the 1024-bit key and recover plaintext credentials, leading to unau...

VMware Fusion 13.x, 25H2 < 25H2u1 Improper Restriction of Communication Channel to Intended Endpoints (VMSA-2026-0002)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 13.x, 25H2 prior to 25H2u1. It is, therefore, affected by a vulnerability. - VMWare Workstation and Fusion contain a logic flaw in the management of network packets. A malicious actor with administrative privileges on ...

About the security content of iOS 18.7.7 and iPadOS 18.7.7

About the security content of iOS 18.7.7 and iPadOS 18.7.7 About the security content of iOS 18.7.7 and iPadOS 18.7.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...

CVE-2026-28865

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position ma...

CVE-2026-1068

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...

CVE-2026-28865

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position ma...

CVE-2026-28865

CVE-2026-28865 is an authentication issue in Apple platforms that Apple fixed with state-management improvements. The advisory indicates the vulnerability affects 802.1X/network authentication and could allow an attacker in a privileged network position to intercept traffic. Patches are present i...

CVE-2026-28865

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position ma...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

About the security content of iOS 18.7.7 and iPadOS 18.7.7

About the security content of iOS 18.7.7 and iPadOS 18.7.7 About the security content of iOS 18.7.7 and iPadOS 18.7.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...