CVE-2026-40134

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

RHCOS 2 : Red Hat OpenShift Enterprise 2.1.9 (RHSA-2014:1906)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1906 advisory. - OpenShift: /proc/net/tcp information disclosure CVE-2014-3602 - Enterprise: gears fail to properly isolate network traffic...

PowMix botnet targets Czech workforce

Cisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call "PowMix." PowMix employs randomized command-and-control C2 beaconing intervals, rather than persistent...

CVE-2026-1916

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...

CVE-2026-1916 WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...

EUVD-2006-2706

Malware in sbrugna...

PT-2023-36410 · Gnu +1 · Debian +1

Уязвимость плагина Base gst-plugins-base мультимедийного фреймворка Gstreamer связана с недостаточной защитой служебных данных в результате отсутствия на удаленном хосте обновлений безопасности. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой...

Esphome 访问控制错误漏洞

Esphome is a system to configure and manage smart hardware. It is used to control Esp8266/Esp32 hardware to realize home automation control. An Access Control Error vulnerability exists in ESPHome version 2021.9.1 and prior versions, which originates from a user being vulnerable to an issue where...

CVE-2018-3262

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Stylesheet. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...