CVE-2026-9522
Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...
CVE-2026-5600
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
AI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AI
Diving into the first pillar of the AI Threat Readiness Framework and how Wiz helps...
CVE-2026-45255 Remote code execution via installer Wi-Fi access point scans
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...
Astra Linux - vulnerability in linux, linux-5.10
A flaw in the processing of received ICMP errors such as ICMP fragments and ICMP redirections within the Linux kernel’s functionality was identified. This flaw allows an off-path remote user to quickly scan open UDP ports. This vulnerability enables a remote user to bypass the UDP source port...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection for the nvme_ns_head list. Walking the nvme_ns_head siblings list is protected by the head's SRCU in nvme_ns_head_submit_bio, but not in nvme_mpath_revalidate_paths. Removing namespaces from...
zparty
Zparty Automated web penetration testing framework with loc...
AutoGPT code issue vulnerability
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Versions 0.1.0 to 0.6.51 of AutoGPT contain code vulnerabilities. These vulnerabilities stem from the SendEmailBlock function, which accepted parameters for the smtp_server and...
EUVD-2026-28719
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix NULL pointer exception during user_scan. user_scan invokes the updated sas_user_scan for channel 0 and, if successful, iteratively scans the remaining channels 1 to shost->max_channel via scsi_scan_host_selected in commit...
secscan
secscan [PyPI version badge] https://img.shields.io/pypi/v/secsca...
CVE-2026-43307
The CVE concerns the Linux kernel iio: accel: adxl380 driver. The interrupt handler can miscalculate FIFO entries because the sensor fills FIFO one sample at a time while batches are read, causing the FIFO status to report a non-multiple of N. This can cause the driver to read more entries than p...
Your Redis Server Looks Fine. That’s the Problem.
Introduction There’s an automated attack circulating right now that breaks into unprotected Redis servers, takes over the underlying machine, and then carefully puts everything back the way it found it. It restores the database filename. It deletes the tools it used. It detaches from the...
Use of Incorrectly-Resolved Name or Reference
Overview: @cyclonedx/cdxgen creates CycloneDX Software Bill of Materials (SBOM) from source or container images. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in path resolution performed in docker.js, before credential selection. An attacker wh...
Hydra Network Logon Cracker 9.7
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus...
Exploit for CVE-2024-8503
vicidial-cve-2024-8503-blind-sqli-p...
EUVD-2026-26086
OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings...
OpenClaw security vulnerability
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contain security vulnerabilities. These vulnerabilities stem from flaws in the plugin installation process: failed security scans did not prevent the installation...
PT-2026-35762
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: A fail-open issue exists in the plugin installation flow where security scan failures do not block the installation process. This allows attackers to install untrusted plugins if operators choos...
PT-2026-34813
Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...
CVE-2026-40566
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions, fetch_test (line 731), send_test (line 682), and imap_folder...