
23 matches found

EUVD
added 2026/05/21 5:42 p.m., 6 views

EUVD-2026-30420

Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path...

CVSS 8.5, AI score 5.8, EPSS 0.00055
Exploits: 0, References: 5
Rosalinux
added 2026/05/19 2:18 p.m., 5 views

Advisory ROSA-SA-2026-3280

software: etcd 3.6.10 OS: ROSA-CHROME unaffected versions = etcd-3.6.10-1 affected versions etcd-3.6.10-1 CVE-ID: CVE-2026-33343 BDU-ID: None CVE-Crit: NO DATA CVE-DESC.: A vulnerability in etcd allows an authenticated user with limited RBAC rights to bypass key-level authorization using nested...

CVSS 6.5, AI score 5.7, EPSS 0.00021
Exploits: 0
Positive Technologies
added 2026/05/05 12:0 a.m., 5 views

PT-2026-37308

Name of the Vulnerable Software and Affected Versions YetAnotherForum.NET YAF.NET versions prior to 4.0.5 Description An authorization bypass exists because the PageSecurityCheckAttribute is implemented as a ResultFilterAttribute, which executes after the page handler completes. Consequently, any...

CVSS 8.8, AI score 6.1, EPSS 0.00029
Exploits: 0, References: 6
NVD
added 2026/03/26 2:16 p.m., 3 views

CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

CVSS 6.5, EPSS 0.00021
Exploits: 0, References: 1
EUVD
added 2026/03/21 3:31 a.m., 0 views

EUVD-2026-13968

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...

CVSS 3.7, AI score 5.8, EPSS 0.0004
Exploits: 0, References: 5
Positive Technologies
added 2026/03/21 12:0 a.m., 2 views

PT-2026-26743

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...

CVSS 3.7, AI score 5.8, EPSS 0.0004
Exploits: 0, References: 5
Snyk
added 2026/03/20 8:34 p.m., 4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the CheckTxnAuth function. A user with RBAC restricted permissions on key ranges can gain unauthorized access to the entire data store by bypassing key-level authorization checks using nested transactions...

CVSS 7.1, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 2
Snyk
added 2026/03/04 6:56 p.m., 3 views

Incorrect Authorization

Overview @openclaw/matrix is an OpenClaw Matrix channel plugin Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveragi...

CVSS 8.1, AI score 5.8, EPSS 0.0004
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/22 12:0 a.m., 5 views

Oracle Access Manager (January 2026 CPU)

The 12.2.1.4.0 and 14.1.2.1.0 versions of Access Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Webserver Plugin Intel C++...

CVSS 7.8, AI score 6.8, EPSS 0.00099
Exploits: 0, References: 5
Apple
added 2025/12/12 12:0 a.m., 13 views

About the security content of iOS 26.2 and iPadOS 26.2

About the security content of iOS 26.2 and iPadOS 26.2 This document describes the security content of iOS 26.2 and iPadOS 26.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

CVSS 9.8, AI score 6.3, EPSS 0.00113
Exploits: 0, References: 1, Affected Software: 2
CVE
added 2025/10/17 12:0 a.m., 5 views

CVE-2025-62647

CVE-2025-62647 affects the Restaurant Brands International (RBI) assistant platform up to 2025-09-06. The issue is that it can return a JWT that enables calling an API to obtain a signed AWS upload URL for any store path, potentially exposing upload endpoints. This vulnerability is described acro...

CVSS 5.8, AI score 6.6, EPSS 0.00055
Exploits: 1, References: 5, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-5400

Malware in sbrugna...

CVSS 4.3, AI score 6.1, EPSS 0.00077
Exploits: 0, References: 12
Citrix
added 2023/07/27 12:0 a.m., 9 views

Cannot Add Store to Workspace App, Errors "Your Apps are not available at this time."

Cannot add store to workspace app Your Apps are not available at this time. Please try again in a few Minutes or contact your help desk with this information: Cannot Contact Store...

AI score 7
Exploits: 0
ATTACKERKB
added 2022/03/17 6:15 a.m., 2 views

CVE-2022-24073

The Web Request API in Whale browser before 3.12.129.18 allowed denying access to the extension store or redirecting to any URL when users access the store...

CVSS 7.1, AI score 5.3, EPSS 0.00195
Exploits: 0, References: 2
OSV
added 2022/03/17 6:15 a.m., 0 views

CVE-2022-24073

The Web Request API in Whale browser before 3.12.129.18 allowed denying access to the extension store or redirecting to any URL when users access the store...

CVSS 7.1, AI score 7.1, EPSS 0.00195
Exploits: 0, References: 1
Github Security Blog
added 2022/03/03 7:11 p.m., 7 views

Execution with Unnecessary Privileges in arc-electron

Impact When the end user clicks on the response header that contains a link, the target will be opened in a new ARC window. This window will have the default preload script loaded, which allows the scripts embedded in the link target to execute any logic that ARC has access to from the renderer proces...

AI score 2.7
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2020/06/11 5:15 p.m., 24 views

CVE-2020-5411

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

CVSS 8.1, AI score 7.4, EPSS 0.00805
Exploits: 0, References: 1
OSV
added 2019/02/26 3:45 p.m., 5 views

SUSE-SU-2019:0499-1 Security update for ceph

This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store bsc1111177 - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts bsc1114710 - CVE-2018-16889: rgw: sanitize customer encryption keys from...

CVSS 7.5, AI score 6.1, EPSS 0.04603
Exploits: 1, References: 8
Microsoft KB
added 2018/09/27 12:0 a.m., 2 views

November 8, 2016 — KB3198586 (OS Build 10586.679)

November 8, 2016 — KB3198586 OS Build 10586.679 This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include: Improved the reliability of the Windows shell, Microsoft Edge, and Internet Explorer 11...

AI score 5.5
Exploits: 0
Citrix
added 2017/09/12 12:0 a.m., 4 views

Unable to access Worx Store and getting errors "could not load store"

On iOS Device while accessing store "cannot complete your request" error message. On Android while accessing store getting error message while accessing store "could not load store" SecureHub Logs "2017-02-02T16:09:51.998+0400","SecureHub","ERROR...

AI score 6.7
Exploits: 0