FREEDOM Administration - Default Login

The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...

CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

CVE-2026-45282 Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

EUVD-2026-33706

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...

PT-2026-45473

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

Security Bulletin: There is a vulnerability in netty-codec-http2-4.1.130.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33871)

Summary There is a vulnerability in netty-codec-http2-4.1.130.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses picomatch-2.3.1.tgz, picomatch-4.0.3.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672

Summary IBM Maximo Application Suite - Visual Inspection component uses picomatch-2.3.1.tgz, picomatch-4.0.3.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33671...

Exploit for CVE-2007-2447

🛡️ Metasploitable2 Vulnerability Assessment Author: Jaden Julius...

PT-2026-43079

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL Java Expression Language...

Database-Exploitation-Manual

🛡️ SecDB Auditor - Database Security Compiling Suite & Manual...

Exploit for Untrusted Pointer Dereference in Microsoft

CVE-2026-40369: Defensive Analysis of the 12-Byte Windows Kern...

Denial of Service (DoS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Denial of Service DoS through the handling of system resources. An attacker can cause the application to become unresponsive by sending specially crafted requests that...

CVE-2026-42498

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

An Automated Framework for Cybersecurity Policy Compliance Assessment against Security Control Standards

Organizational cybersecurity policies are often examined to determine whether they adequately comply standard security controls. This task is difficult because control statements are abstract, whereas policy documents describe governance practices in varied natural language. As a result,...

Important: Red Hat Security Advisory: General availability of the satellite/iop-puptoo-rhel9 container image

A new satellite/iop-puptoo-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and...

Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-frontend-rhel9 container image

A new satellite/iop-host-inventory-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running...

Injection in Confluence Data Center

This High severity Injection vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...

BASM (Broken Authentication & Session Management) in Confluence Data Center

This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity BASM Broken Authentication & Session Management vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0,...

vulnhub-writeups

VulnHub Writeups Author: Roman Mares Company: Delt...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-39304)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-39304 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-39304 DESCRIPTION: Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ...