GHSA-Q537-QHJ4-WCJX OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd

Summary An organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. Impact Full platform access, access to sensitive or proprietary information...

Lessons from Penetration Tests on Large-Scale Agent Systems

As AI systems gain increasing autonomy and execution capability, the number of discovered security vulnerabilities continues to rise. However, many of these vulnerabilities are not fundamentally novel, but instead reflect recurring classes of weaknesses long observed in prior computing systems...

ROS-20260524-73-0020

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

ROS-20260524-73-0016

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

ROS-20260524-73-0025

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

ROS-20260524-73-0024

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

ROS-20260524-73-0022

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

ROS-20260524-73-0019

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

ROS-20260524-73-0017

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

report-anonymizer

🛡️ Report Anonymizer Local LLM anonymizer for penetration-t...

CLSA-2026-1778618041 freeipmi: Fix of CVE-2026-33554

CVE-2026-33554: fix buffer overflows in ipmi-oem response handling for dell get-last-post-code, supermicro extra-firmware-info, and wistron read-proprietary-string subcommands...

CLSA-2026-1778617167 freeipmi: Fix of CVE-2026-33554

CVE-2026-33554: fix buffer overflows in ipmi-oem response handling for dell get-last-post-code, supermicro extra-firmware-info, and wistron read-proprietary-string subcommands...

ROS-20260512-73-0033

Vulnerability in ruby related to lack of protection of proprietary data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

Forensic Analysis of Video Data Deletion and Recovery in Honeywell Surveillance File System

Real-time video surveillance systems store recorded video using digital video recorders DVRs and network video recorders NVRs. To support continuous high-volume video storage, these devices employ specialized, nonstandard file systems that are often proprietary and undocumented. This lack of...

ROS-20260420-73-0036

Vulnerability in mediawiki due to lack of protection for proprietary data. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freeipmi (UTSA-2026-007097)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007097 advisory. ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a...

Combating Data Laundering in LLM Training

Data rights owners can detect unauthorized data use in large language model LLM training by querying with proprietary samples. Often, superior performance e.g., higher confidence or lower loss on a sample relative to the untrained data implies it was part of the training corpus, as LLMs tend to...

OESA-2026-1737 freeipmi security update

The package provides "Remote-Console" and "System Management software" based on intelligent platform management interface specification. Security Fixes: ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI...

EUVD-2026-14899

ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system...

CVE-2026-33554

ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system managemen...