
12551 matches found

CNNVD
added 2026/04/21 12:0 a.m. | 7 views

goshs path traversal vulnerability

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained a path traversal vulnerability. This vulnerability stemmed from the SFTP subsystem’s sanitizePath function, which used prefix-based path validation. As a result,...

CVSS 8.8 | AI score 5.8 | EPSS 0.00439
Exploits: 1 | References: 1
Tenable Nessus
added 2026/04/21 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010990)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010990 advisory. In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag. ttag is used as an index to get cmd in...

AI score 6.1 | EPSS 0.00211
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/21 12:0 a.m. | 2 views

PT-2026-34112

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager...

CVSS 5.9 | AI score 5.7 | EPSS 0.00261
Exploits: 0 | References: 3
CNNVD
added 2026/04/21 12:0 a.m. | 7 views

Fortra GoAnywhere MFT security vulnerability

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability was due to improper session timeout settings, which could cause Web users with SAML configurations t...

CVSS 4.3 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/21 12:0 a.m. | 3 views

PT-2026-34149

Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVSS 7.5 | AI score 5.7 | EPSS 0.00314
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/21 12:0 a.m. | 1 views

PT-2026-34225

Name of the Vulnerable Software and Affected Versions: free5GC AMF versions prior to 1.4.3. Description: The HTTPUEContextTransfer handler in internal/sbi/api_communication.go lacks a default case in the Content-Type switch statement. If a request is sent with an unsupported Content-Type, the...

CVSS 6.9 | AI score 5.2 | EPSS 0.00282
Exploits: 1 | References: 7
CNNVD
added 2026/04/21 12:0 a.m. | 5 views

Fortra GoAnywhere MFT security vulnerability

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

CVSS 7.3 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/21 12:0 a.m. | 8 views

PT-2026-34130

Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft component: Projects. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN...

CVSS 6.5 | AI score 5.7 | EPSS 0.00261
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/21 12:0 a.m. | 10 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011002)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011002 advisory. In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media. Syzbot got KMSAN to complain about acce...

AI score 6.1 | EPSS 0.00201
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/21 12:0 a.m. | 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013241)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013241 advisory. In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media. Syzbot got KMSAN to complain about acce...

AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/21 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013293)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013293 advisory. In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005_i2c_xfer. In af9005_i2c_xfer, msg is controlled by user...

AI score 5.7 | EPSS 0.00165
Exploits: 0 | References: 4
CNNVD
added 2026/04/21 12:0 a.m. | 6 views

Oracle PeopleSoft Enterprise HCM Human Resources security vulnerability

Oracle PeopleSoft Enterprise HCM Human Resources is a human resources management system developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise HCM Human Resources contains a security vulnerability. This vulnerability stems from issues with the Job Profile Manager component,...

CVSS 6.5 | AI score 7.3 | EPSS 0.00373
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/21 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013092)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013092 advisory. In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media. Syzbot got KMSAN to complain about acce...

AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 4
CNNVD
added 2026/04/21 12:0 a.m. | 7 views

goshs access control error vulnerability

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained an access control vulnerability. This vulnerability occurred when using the basic authentication syntax with an empty username recorded in the documentation, without...

CVSS 9.8 | AI score 5.8 | EPSS 0.00478
Exploits: 1 | References: 1
Tenable Nessus
added 2026/04/21 12:0 a.m. | 8 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012985)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012985 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport. A kernel memory leak was identified by the...

CVSS 6.3 | AI score 6.6 | EPSS 0.01912
Exploits: 0 | References: 4
hivepro
added 2026/04/20 3:3 p.m. | 2 views

API Security Testing and Vulnerability Assessment

APIs now carry more sensitive data than traditional web interfaces. Payment details, health records, authentication tokens, and customer databases all flow through API endpoints that attackers can probe without ever touching a browser. A single misconfigured endpoint can expose millions of record...

AI score 6
Exploits: 0
OSV
added 2026/04/20 10:10 a.m. | 0 views

SUSE-SU-2026:1482-1 Security update for openvswitch

This update for openvswitch fixes the following issues: - CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler (bsc#1261273)...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 3
Fedora
added 2026/04/20 1:6 a.m. | 11 views

[SECURITY] Fedora 42 Update: incus-6.23-3.fc42

Container hypervisor based on LXC. Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...

CVSS 9.9 | AI score 8.2 | EPSS 0.00731
Exploits: 5
Redos
added 2026/04/20 12:0 a.m. | 3 views

ROS-20260420-73-0027

Vulnerability in python-aiohttp related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden HTTP request (HTTP request smuggling attack)...

CVSS 6.5 | AI score 6.4 | EPSS 0.00213
Exploits: 0
Microsoft Secure
added 2026/04/18 12:55 p.m. | 10 views

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...

AI score 6.3
Exploits: 0