Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems...

Amazon AWS Encryption SDK 安全漏洞

Amazon AWS Encryption SDK is a development toolkit used by Amazon, Inc., for encryption purposes. Versions of the AWS Encryption SDK prior to 3.3.1 and 4.0.5 contained security vulnerabilities. These vulnerabilities were due to issues with the encryption algorithm, which could allow authenticated...

PT-2026-33745

A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /? route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has bee...

Silex SD-330AC和Silex AMC Manager 安全漏洞

Both the Silex SD-330AC and the Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management...

Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

Linux Distros Unpatched Vulnerability : CVE-2026-41015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the...

CVE-2026-6568 kodcloud KodExplorer Public Share share.class.php initShareOld path traversal

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated...

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...

.NET 10.0 security update

An update is available for dotnet10.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but invalid fo...

Wish has SCP Path Traversal that allows arbitrary file read/write

The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../ sequence...

Linux Distros Unpatched Vulnerability : CVE-2026-35512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition due to missed detection of local async exec completion events during heartbeat owner downgrade. An attacker can maintain a process in a mor...

CVE-2026-40304 zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...

EUVD-2026-23446

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: postgresql18: postgresql-18.3-1.2.hum1 aarch64, x8664 postgresql-contrib-18.3-1.2.hum1 aarch64, x8664 postgresql-docs-18.3-1.2.hum1 aarch64, x8664 postgresql-plperl-18.3-1.2.hum1 aarch64, x8664...

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

The National Institute of Standards and Technology NIST has announced changes to the way it handles cybersecurity vulnerabilities and exposures CVEs listed in its National Vulnerability Database NVD, stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE...

OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries

Overview The UPS Uninterruptible Power Supply management application provided by OMRON Corporation may insecurely load Dynamic Link Libraries due to an issue with uncontrolled search path element CWE-427, CVE-2026-5397. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of...

UBUNTU-CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...