CVE-2026-4682

HP DeskJet All-in-One devices may be vulnerable to remote code execution due to a buffer overflow in processing specially crafted Web Services for Devices (WSD) scan requests. Affected component is the WSD handling in HP MFPs. Root cause: improper validation/handling of WSD scan requests leading ...

CVE-2026-0827

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...

CVE-2026-0827

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...

Certain HP DeskJet All In One (AIO) Devices – Potential Remote Code Execution & Potential Buffer Overflow

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices WSD scan requests are improperly validated and handled by the MFP. As a temporary mitigation measure for the buffer overflow vulnerability,...

PT-2026-33056

Name of the Vulnerable Software and Affected Versions Lenovo Diagnostics affected versions not specified Lenovo Vantage HardwareScanAddin affected versions not specified Description An issue exists in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage. During installation or whil...

SUSE-SU-2026:1325-1 Security update for clamav

This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...

CVE-2026-38527

A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...

CVE-2026-33659

EspoCRM 9.3.3 and earlier are affected by SSRF via POST /api/v1/Attachment/fromImageUrl (and fromImageUrl) due to a DNS rebinding (TOCTOU) flaw. Host validation uses dns_get_record(), but the actual HTTP request resolves with curl’s internal resolver (gethostbyname()), allowing mismatched IP look...

EUVD-2026-22083

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dnsgetrecord but the actual HTTP...

auditor-v1

🔐 Web Security Auditor v2.0 Mini BurpSuite / OWASP ZAP hech...

Deep Scan: Expanding Vulnerability Detection Beyond Traditional Boundaries

Security teams estimate that a significant percentage of enterprise software is installed outside standard system directories or package-managed locations, creating persistent visibility gaps for traditional vulnerability-scanning methods. As environments become more decentralized, with...

`microsoftsystem64` was removed from crates.io for malicious code

microsoftsystem64 installs a hardcoded SSH authorizedkeys entry persistence/backdoor and scans for sensitive files .env, credential-like JSON names, keyword-matching docs, reads their contents, base64-encodes where needed, and exfiltrates everything to a remote server via HTTP. It also packages a...

RUSTSEC-2026-0102 `microsoftsystem64` was removed from crates.io for malicious code

microsoftsystem64 installs a hardcoded SSH authorizedkeys entry persistence/backdoor and scans for sensitive files .env, credential-like JSON names, keyword-matching docs, reads their contents, base64-encodes where needed, and exfiltrates everything to a remote server via HTTP. It also packages a...

SkillCyberPunk

Security Vulnerability Scanner A Claude Code plugin that auto...

Security Bulletin: Vulnerabilities in urllib3, router, qs, cryptography, axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in urllib3, router, qs, cryptography, and axios. Vulnerabilities include allowing an attacker to cause cross-site scripting, input improper data, provide a public key point from a small order subgroup, an...

Scaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization

Key Highlights The Scale Challenge: As application portfolios grow and release cycles accelerate, traditional scanning models create a forced trade-off between coverage, cost, and velocity – leading to silent gaps that only surface during audits or incidents. The AI Solution: AI-powered scan...

GHSA-WR8Q-C73G-M7GP pretix: API leaks check-in data between events of the same organizer

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

pretix: API leaks check-in data between events of the same organizer

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

Your extensions leak clues about you, so we made sure Browser Guard doesn’t

Did you know you can be profiled based on the browser extensions you use? Advertisers can detect which extensions are installed and use that to build a picture of the kind of user you are. For instance, do you pride yourself on being a good online shopper who never pays full price? Maybe you use ...

Security Bulletin: Vulnerability in form-data might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by a vulnerability in form-data. Vulnerabilities include the use of insufficiently random values allowing HTTP Parameter Pollution HPP. More details are described by the CVEs in the "Vulnerability Details" section...