5 matches found
CVE-2026-9137
The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an incorrect update of the lastgc value in the nfconncount module. This vulnerability may lead to an...
CVE-2025-58582 Uncontrolled Resource Consumption via log file
If a user tries to log in but the provided credentials are incorrect, a log is created. The data for this POST request is not validated and it's possible to send giant payloads which are then logged...
Cloud Security Strategies for Healthcare
How to Stay Secure in the Cloud While Driving Innovation and Discovery. The healthcare industry is undergoing a transformational shift. Health organizations are traditionally entrenched in an on-prem way of life, but the past three years have plunged them into a digital revolution. A heightened...
SMS Bombing Vulnerability in Air China's Android Client
The Air China Android client is flight inquiry service software. An SMS bombing vulnerability exists at order submission in the Zhiyin Mall section of the Air China Android client. An attacker can replay this interface for SMS bombing, which constitutes system resource consumption...