Palo Alto Networks Expedition - OS Command Injection

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

DCBI-Netlog-LAB v1.0 - Command Injection

An issue in the component /networkconfig/nsgmasq.cgi of DCN Digital China Networks DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request. id: CVE-2023-26802 info: name: DCBI-Netlog-LAB v1.0 - Command Injection author: pussycat0x...

EUVD-2026-34660

Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...

CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

EUVD-2026-34301

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

CVE-2026-50266

OpenStack Neutron before 28.0.1 is affected. A port on a shared network owned by another project can be created or updated by a project manager with device_owner starting with a network: prefix (e.g., network:dhcp). The default RBAC policies did not require network ownership, allowing access to t...

CVE-2026-49942

CVE-2026-49942 affects Net::CIDR::Set for Perl up to version 0.20. The vulnerability stems from improper validation of network masks: the mask portion could contain Unicode digits (e.g., Arabic-Indic One U+0661) or non-digits, which were ignored, potentially allowing larger networks. Leading zero...

EUVD-2026-34297

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It

Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that ...

Mitel MiCollab - Arbitary File Read

The Mitel Collab Arbitrary File Read vulnerability allows an unauthenticated attacker to read arbitrary files from the underlying file system on a Mitel Collab server. Exploiting this flaw involves sending specially crafted requests to the server, bypassing access controls and allowing the attack...

PT-2026-46270

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device owner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECT MANAGER witho...

Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os

CVE-2026-0257 Palo Alto Networks PAN-OS contain...

PT-2026-46266

Name of the Vulnerable Software and Affected Versions Net::CIDR::Set versions prior to 0.21 Description The software accepts non-ASCII IP addresses and netmasks. Unicode digits, such as the Arabic-Indic One U+0661, are accepted but not properly parsed as numbers, which could allow network masks t...

Linux Distros Unpatched Vulnerability : CVE-2026-26280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks functio...

CVE-2026-49267

Apache Airflow's EmailOperator and the underlying airflow.utils.email helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used email smtpstarttls=True without email smtpssl. An attacker positioned between the worker and the configured SMTP...

CVE-2026-48134

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

The Intersection of Encryption and AI

As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schnei...