CVE-2026-9065 Surecart - SQL Injection
SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('modelname', 'modelid', 'integrationid', 'provider') on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
SUSE CVE-2026-27900
The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...
CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability
...
PT-2026-6295
Name of the Vulnerable Software and Affected Versions: Terraform / OpenTofu Provider versions prior to 0.93.1. Description: The Terraform / OpenTofu Provider for Proxmox Virtual Environment, prior to version 0.93.1, contains an insecure sudoer line in its SSH configuration documentation. This...
CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...
CVE-2025-65235
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...
HashiCorp Vault Terraform Provider Security Vulnerability
HashiCorp Vault Terraform Provider is a key management tool from HashiCorp USA. A security vulnerability exists in the HashiCorp Vault Terraform Provider that stems from an insecure default configuration that could lead to authentication bypass...
SUSE-SU-2025:3942-1 Security update for qatengine, qatlib
This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: bsc1233363 (CVE-2024-28885), bsc1233365 (CVE-2024-31074), bsc1233366 (CVE-2024-33617). Update to 1.7.0: ipp-crypto name change to cryptography-primitives; QATSW G...
Malicious code in @fm-plugin/dynamic-module-provider (npm)
The package @fm-plugin/dynamic-module-provider was found to contain malicious code...
br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.2), com.alanpoi:alanpoi-all (>=1.3.5 <=3.0.0) +126 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-jdk14 (>=1.38 <=1.77)
org.bouncycastle:bcprov-jdk14 MAVEN version =1.38, =1.2.1, =1.3.5, =1.3.5, =2.0, =1.0, =1.6.1.P24, =1.7, =0.0.1, =1.0, =1.1 - com.github.lkkushan101.RestAssuredPDFReport:com.github.lkkushan101.RestAssuredPDFReport =1.00 - com.github.lkkushan101.appiumlocator:com.github.lkkushan101.appiumlocator...
Linux Distros Unpatched Vulnerability : CVE-2023-53092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: interconnect: exynos: fix node leak in probe PM QoS error path Make sure to add the newly...
CVE-2025-33062
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...
CVE-2025-24069
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...
SAGA: a Security Architecture for Governing AI Agentic Systems
Large Language Model (LLM)-based agents increasingly interact, collaborate, and delegate tasks to one another autonomously with minimal human interaction. Industry guidelines for agentic system governance emphasize the need for users to maintain comprehensive control over their agents, mitigating...
CVE-2024-43519
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...
CVE-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. The JWT filter will cause an Envoy crash when the route cache is cleared while remote JWKs are in use. This occurs in the following case: 1. remote JWKs are used, which requires async header processing; 2. clearroutecache is enabled on the provider; 3. header...
Apache Airflow Cross-site Scripting Vulnerability
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the...
CVE-2024-41937
The CVE concerns Apache Airflow versions before 2.10.0, where a stored XSS vulnerability exists in the provider link workflow. If a malicious provider is installed on the web server, a user who clicks a provider documentation link can trigger script execution, enabling an attacker to perform a cr...
CVE-2024-7128
CVE-2024-7128 — OpenShift Console unauthenticated data exposure is evidenced by multiple sources in the connected documents. The OpenShift console contains endpoints guarded by authHandler() and authHandlerWithUser(), which under the default openShiftAuth provider perform no authentication checks...