Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report
New York, United States, 19th May 2026, CyberNewswire...
WordPress Sticky plugin <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Sticky versions <= 2.5.6...
kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto(). syzbot found a potential access to uninit-value in nf_flow_pppoe_proto(). Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in...
xiangshan-bpu-asid-poc
XiangShan Cross-ASID BPU Leak PoC Minimal proof of concept fo...
ScadaBR
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...
PT-2026-41887
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...
Nozomi Networks CMC and Nozomi Networks Guardian Security Vulnerability
Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have security...
CVE-2026-6347
creationtimestamp | type | source
---|---|---
2026-05-18 18:00:52+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mm5hfwtbe42w
2026-06-01 11:03:18+00:00 | seen | https://bsky.app/profile/keiwork35.bsky.social/post/3mn7wm6okxp2t

...
Exploit for Origin Validation Error in Langflow
CVE-2025-34291corssecurityscanner A lightweight Python-base...
CVE-2026-4643
Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...
CVE-2026-6477
creationtimestamp | type | source
---|---|---
2026-05-18 06:01:20+00:00 | seen | https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-postgresql-1
2026-05-18 16:37:08+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mm5cq7rw6u25

...
EUVD-2026-30729
A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...
CVE-2026-8785
A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...
OSV-2026-767 Heap-use-after-free in gf_sg_reset
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513912488 Crash type: Heap-use-after-free READ 8 Crash state: gf_sg_reset gf_sg_del fuzzscene.c...
OSV-2026-762 Heap-buffer-overflow in coap_pdu_parse_header
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513783540 Crash type: Heap-buffer-overflow READ 1 Crash state: coap_pdu_parse_header coap_pdu_parse2 coap_pdu_parse...
EUVD-2026-30704
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...
EUVD-2026-30695
A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discoverhandler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...
EUVD-2026-30682
A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and...
EUVD-2026-30677
A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogssbidiscoveryoptionparseplmnlist in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument target-plmn-list leads to denial of service. The attack can be executed...
OSV-2026-760 Heap-buffer-overflow in md_decode_utf8__
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513677122 Crash type: Heap-buffer-overflow READ 1 Crash state: md_decode_utf8__ md_skip_unicode_whitespace md_link_label_hash...