15 matches found
CVE-2026-49193
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
EUVD-2026-34212
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
PT-2026-46151
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript:` URI Survives Sanitization (XSS)
Description: symfony/html-sanitizer lets applications sanitise untrusted HTML. UrlAttributeSanitizer is the visitor responsible for validating URL-valued attributes and stripping dangerous schemes from them; it runs on every element regardless of configuration. Whether an attribute is kept is...
PT-2026-44727
Name of the Vulnerable Software and Affected Versions: symfony/html-sanitizer versions prior to 6.4. Description: The UrlAttributeSanitizer visitor fails to validate the schemes of several URL-valued attributes because they are missing from the getSupportedAttributes list. Specifically, the action...
CVE-2026-25904
The CVE-2026-25904 entry concerns Pydantic-AI MCP Run Python tool configuring the Deno sandbox in a way that allows the underlying Python code to access the host’s localhost interface, enabling SSRF. Affected component: the Deno sandbox configuration used by mcp-run-python (Pydantic-AI MCP Run Py...
CVE-2025-61592 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config
Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...
Security feature bypass
The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows...
SuSE 10 Security Update : hal (ZYPP Patch Number 6036)
The dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. Additionally a bug i...
SuSE 10 Security Update : NetworkManager-gnome (ZYPP Patch Number 6028)
The NetworkManager configuration was too permissive and allowed any user to read secrets (CVE-2009-0365) or manipulate the configuration of other users (CVE-2009-0578).
openSUSE Security Update : NetworkManager-gnome (NetworkManager-gnome-563)
The NetworkManager configuration was too permissive and allowed any user to read secrets (CVE-2009-0365) or manipulate the configuration of other users (CVE-2009-0578).
openSUSE Security Update : PolicyKit (PolicyKit-494)
The dbus package used a too permissive configuration. Therefore intended access control for some services was not applied (CVE-2008-4311). The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well.
openSUSE Security Update : cnetworkmanager (cnetworkmanager-576)
The cnetworkmanager configuration was too permissive and allowed any user to read secrets (CVE-2009-0365).
openSUSE 10 Security Update : NetworkManager-kde (NetworkManager-kde-6031)
The knetworkmanager configuration was too permissive and allowed any user to read secrets (CVE-2009-0365).
openSUSE 10 Security Update : NetworkManager-gnome (NetworkManager-gnome-6029)
The NetworkManager configuration was too permissive and allowed any user to read secrets (CVE-2009-0365) or manipulate the configuration of other users (CVE-2009-0578).