CVE-2026-32424 WordPress Sprout Clients plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS. This issue affects Sprout Clients: from n/a through <= 3.2.2...
MAL-2026-1395 Malicious code in dell-fusion-core-drzak (npm)
Source: amazon-inspector (3d5d156081b9f33279287f433edff50b49a63fa67e0da031c374075fde1cc24f). The package dell-fusion-core-drzak was found to contain malicious code. Source: ghsa-malware...
BELL-CVE-2026-3904 CVE-2026-3904 does not affect BellSoft software
Bulletin has no description...
IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting vulnerability
IBM Sterling B2B Integrator and IBM Sterling File Gateway are both products of International Business Machines (IBM). IBM Sterling B2B Integrator is a software suite that integrates critical B2B processes, transactions, and relationships. This software supports secure integration of complex B2B...
PT-2026-25238
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Creatives Planet Greenly greenly allows PHP Local File Inclusion. This issue affects Greenly: from n/a through <= 8.1...
PT-2026-25389
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the crsf rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf rc is enabled on a CRSF serial port, an...
Avantra security vulnerability
Avantra is SAP software developed by the Avantra company. Versions of Avantra prior to 25.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of hardcoded credentials, which could allow access to functions that are not properly constrained by ACLs...
.NET 9.0 security update
9.0.115-1.0.1 - Add support for Oracle Linux 9.0.115-1 - Update to .NET SDK 9.0.115 and Runtime 9.0.14 - Resolves: RHEL-152941...
TencentOS Server 4: munge (TSSA-2026:0139)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0139 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2025-208615
Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "forgot password" recovery email address...
CVE-2025-13913
A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...
CVE-2025-13913 Inductive Automation Ignition Software Deserialization of Untrusted Data
A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code...
CVE-2025-13913
The CVE-2025-13913 entry concerns Inductive Automation Ignition software deserialization of untrusted data. A privileged Ignition user importing a specially crafted external file can trigger execution of embedded malicious code, due to deserialization of the crafted payload in the imported file. ...
Apple patches Coruna exploit kit flaws for older iOS versions
On March 3, 2026, Google warned about a powerful exploit kit targeting Apple iPhone models running iOS version 13.0 released in September 2019 up to version 17.2.1 released in December 2023. In the latest security updates, Apple patched the vulnerabilities used in the Coruna exploit kit for older...
CVE-2026-31841
Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were...
Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft
In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign tha...
EUVD-2026-10397
ImageMagick has heap-based buffer overflow in UHDR encoder...
EUVD-2026-10389
ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write...