Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

CVE-2026-50628

A flaw was found in the OAuthRequestFilter component of cxf. A logic error in this filter inadvertently creates an inverse security check when enabled. This issue causes legitimate requests from a bound IP address to be rejected, while requests from any other IP address are blindly allowed. This...

CVE-2026-54359 MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default

MISP contains an insecure default configuration in which the Security.checksecfetchsiteheader control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

CVE-2026-50623 Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...

Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

Description The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit $loaded-unwrap-checkSecurity call in CoreExtension::include so that a template already cached in Environment::$loadedTemplates is re-checked when included with sandboxed = true. The deprecated but still functional %...

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated % sandbox % include path. An attacker can bypass Twig sandbox restrictions by including a template that was previously loade...

JunoClaw 操作系统命令注入漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained an operating system command injection vulnerability. This vulnerability stemmed from a substring blacklist in the plugin-shell command security check, which could be...

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper verification of UE Security Capabilities in the PathSwitchRequest messages. An attacker can alter stored security capabilities for any user equipment by sending a crafte...

PT-2026-38625

Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The utcp-http plugin is subject to a blind Server-Side Request Forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location. This occurs due to a...

ClawGuard: Out-Of-Band Detection of LLM Agent Workflow Hijacking Via EM Side Channel

Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry such as audit logs, which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard,...

CVE-2026-31634

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpcserverkeyring This patch fixes a reference count leak in rxrpcserverkeyring by checking if rx-securities is already set...

CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpcserverkeyring This patch fixes a reference count leak in rxrpcserverkeyring by checking if rx-securities is already set...

CVE-2026-2404

CVE-2026-2404 describes an input handling flaw (CWE-116) where improper encoding/escaping of output can lead to log injection and forged logs when an attacker alters the POST /j_security check request payload. The description confirms a network-exposed vector (AV:N) with no user interaction requi...

Improperly Implemented Security Check for Standard

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard via the sortnatural and sort filters, which bypass the iownPropertyOnly security...

CVE-2026-35181

CVE-2026-35181 affects WWBN AVideo prior to 29.x. The endpoint admin/playerUpdate.json.php does not validate CSRF tokens, and the ORM security check excludes the plugins table via ignoreTableSecurityCheck(), removing the remaining defense. Coupled with SameSite=None cookies, an authenticated admi...