Kimai: Username enumeration via timing on X-AUTH-USER

Details src/API/Authentication/TokenAuthenticator.php calls loadUserByIdentifier first and only invokes the password hasher argon2id when a user is returned. When the username does not exist, the request returns roughly 25 ms faster than when it does. The response body is the same in both cases...

Exploit for CVE-2026-1555

CVE-2026-1555 WebStack = 1.2024 - Unauthenticated Arbitrar...

Metasploit Wrap-Up 04/17/2026

Happy Friday - Seven New Metasploit Modules We’re happy to announce that Metasploit Framework had a big week, landing seven new modules alongside various bug fixes and enhancements. This week’s highlights include RCE modules targeting AVideo, openDCIM, Selenium Grid/Selenoid, and ChurchCRM. On th...

CVE-2026-32650 Anviz CrossChex Standard Algorithm Downgrade

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...

CVE-2026-32650 Anviz CrossChex Standard Algorithm Downgrade

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Spring Framework

Summary Due to use of the Spring Framework, DevOps Test Performance and Rational Performance Tester contain a potential path traversal vulnerability. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and...

Exploit for SQL Injection in Ghost

CVE-2026-26980 — Ghost CMS Content API SQL Injection Lab Unau...

curl: libcurl omits IPv6 zoneid from host identity and leaks credentials/cookies across scoped link-local realms

Summary: libcurl omits the IPv6 zoneid component from multiple security-sensitive host identity decisions even though the connection layer still routes by zoneid. As a result, two distinct scoped/link-local destinations such as fe80::X%zoneA and fe80::X%zoneB are treated as the same host by...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Netty framework

Summary Due to use of the Netty framework, DevOps Test Performance and Rational Performance Tester contain a potential HTTP request smuggling vulnerability. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the brace-expansion Node.js library

Summary Due to use of the brace-expansion Node.js library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of yaml JavaScript library

Summary Due to use of the yaml JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-33532 DESCRIPTION: yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document...

EUVD-2025-209467

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affec...

Bouncy Castle Has Covert Timing Channel Vulnerability

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue only affects users of the FrodoKEM algorithm involved in the decryption of encapsulations. This issue affects...

GHSA-P93R-85WP-75V3 Bouncy Castle Has Covert Timing Channel Vulnerability

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue only affects users of the FrodoKEM algorithm involved in the decryption of encapsulations. This issue affects...

Security Bulletin: Due to use of spring-webmvc-6.2.16.jar, IBM Sterling Connect:Direct Web Services is affected by disclosure of content from files outside the configured locations for script template views.

Summary spring-webmvc-6.2.16.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22737. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosur...

K000160873: Linux kernel vulnerability CVE-2026-23317

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup functi...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server library

Summary Due to use of the Undertow web server library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-3260 DESCRIPTION: A flaw was found in Undertow. A remote attacker could exploit this...

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of the Lodash JavaScript library

Summary Due to use of the Lodash JavaScript library, DevOps Test Performance and Rational Performance Tester contain potential Prototype Pollution and Arbitrary Code Injection vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of the Lodash JavaScript library

Summary Due to use of the Lodash JavaScript library, DevOps Test Performance and Rational Performance Tester contain potential Arbitrary Code Injection and Prototype Pollution vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jakarta.mail library

Summary Due to use of the jakarta.mail library, DevOps Test Performance and Rational Performance Tester contain a potential SMTP injection vulnerability. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and...