CVE-2026-8632

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection...

CVE-2026-8631

HP Linux Imaging and Printing Software is affected by CVE-2026-8631 due to an integer overflow in the hpcups processing path when handling crafted print data. The issue could enable privilege escalation and/or arbitrary code execution. Available connected docs confirm the vulnerability descriptio...

CVE-2026-8631

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data...

CVE-2026-8631 HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data...

CVE-2026-8487

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

EUVD-2026-31136

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...

Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...

Cisco Secure Workload Unauthorized API Access Vulnerability

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview diffusers is a State-of-the-art diffusion in PyTorch and JAX. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the frompretrained flow. An attacker can execute arbitrary code by exploiting a race condition between two repository fetch...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU for Rational Software Architect Designer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition,Versions 8 and Java 17 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM SDK, Java Technology Edition...

Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow

In this article 1. Why we are investing in this 2. RAMPART: Continuous safety testing for agentic AI 3. Clarity: Helping check software engineering assumptions 4. RAMPART and Clarity available now The AI systems shipping inside enterprises today are fundamentally different from the ones we were...

CVE-2026-5783

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This issue affects CityPLus: before V24.29750.1.0...

EUVD-2026-31122

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This issue affects CityPLus: before V24.29750.1.0...

CVE-2026-8488

CVE-2026-8488 describes an allocation of resources without limits or throttling in Progress Software MOVEit Automation. Affected versions are MOVEit Automation prior to 2025.0.11 and from 2025.1.0 prior to 2025.1.7. The NVD entry lists a base CVSSv3.1 score of 7.5 (high) with network attack vecto...

EUVD-2026-31121

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches

Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours...

EUVD-2025-209906

Cross-Site request forgery CSRF vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact to customer...

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

RHSA-2026:19027 Red Hat Security Advisory: grafana security update

Bulletin has no description...