745 matches found
Security Bulletin: Denial of service, security controls bypass, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to denial of service, security controls bypass, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-69277 DESCRIPTION: libsodium before ad3004e, in atypical use cases involving certain custom...
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...
CVE-2026-33807
@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...
What Is a Risk-Based Vulnerability Management Platform?
A vulnerability scanner tells you where the cracks are in your defenses, but it doesn't tell you which ones an attacker will actually use. To truly understand your exposure, you need to see your network from their perspective. How can a low-severity flaw on one server be combined with a...
Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)
Understanding and defending your GitHub Actions - from threat model to security controls...
Security Implications of 5G Communication in Industrial Systems
Traditionally, industrial control systems ICS were designed without security in mind, prioritizing availability and real-time communication. As these systems increasingly become targets of powerful adversaries, security can no longer be neglected. Driven by flexibility and automation needs, ICS a...
CVE-2026-24880
A flaw was found in Apache Tomcat. A remote attacker could exploit an inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, by sending a specially crafted request with an invalid chunk extension. This vulnerability allows an attacker to manipulate the way HTTP...
sql-bypass
No d...
CVE-2026-34769
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...
EUVD-2026-18857
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...
Improper Privilege Management
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the handling of environment variable overrides for proxy, TLS, Docker, and Git TLS controls. An attacker can bypass intended security restrictions by...
Undertow is Vulnerable to HTTP Request/Response Smuggling
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...
CVE-2026-28368
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...
CVE-2026-21294
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities disclosed in IBM Semeru Runtime.
Summary IBM SPSS Modeler is affected by multiple vulnerabilities disclosed in IBM Semeru Runtime CVE-2026-21945, CVE-2026-21933, CVE-2026-21932, CVE-2026-21925, CVE-2026-1188. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...
Use Of Incorrectly-Resolved Name Or Reference
github.com/apptainer/apptainer is vulnerable to Use of Incorrectly-Resolved Name or Reference. The vulnerability is due to improper enforcement of the --security option, which allows an attacker to disable AppArmor or SELinux restrictions and bypass container security controls...
AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, examines how...
PT-2026-41035
Name of the Vulnerable Software and Affected Versions Portainer versions 2.33.0 through 2.33.7 Portainer versions 2.39.0 through 2.39.1 Portainer versions 2.40.0 through 2.40.x Portainer versions prior to 2.33.0 Description An authorization bypass exists in the Docker API proxy layer where plugin...
How Hive Pro Brings Comprehensive Security to CrowdStrike and SentinelOne
& How HivePro Vulnerability Exposure Management VEM extends and amplifies the value of your existing endpoint security/EDR investments - turning detection strength into enterprise-wide vulnerability and exposure intelligence. The Challenge Your EDR is world-class. Your exposure visibility isn't...
EUVD-2026-11053
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...