CVE-2026-12049

Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form parameter without confirming the target pointed back inside pgAdmin, so an authenticated victim who clicked /mfa/validate?next= -- a link typically...

CVE-2026-12348

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...

PT-2026-49836

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...

EUVD-2026-36086

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to...

Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

TDXRay: Microarchitectural Side-Channel Analysis of Intel TDX for Real-World Workloads

Affected Products AMD EPYC™ Series Processors AMD EPYC™ 7003 Series Processors AMD EPYC™ 8004 Series Processors AMD EPYC™ 9004 Series Processors AMD EPYC™ 9005 Series Processors AMD EPYC™ Embedded Series Processors AMD EPYC™ Embedded 7003 AMD EPYC™ Embedded 8004 AMD EPYC™ Embedded 9004 AMD EPYC™...

GHSA-V8VW-GW5J-W7M6 MCP Registry has open redirect via protocol-relative path in trailing-slash middleware

Summary The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an...

CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the alloworiginpat configuration value. Because re.match only anchors at the start of the string and does not require a...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dmasetdecrypted failure In TDX, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail, resulting in an error and the return of decrypted/membered pages. Callers...

Astra Linux - уязвимость в intel-microcode

Protection mechanism failure in some 3rd and 4th Generation IntelR XeonR Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2026-22077

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...

CVE-2026-22077 Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...

EUVD-2026-25784

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...

CVE-2026-22077

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...

CVE-2026-22077 Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...

CVE-2026-22077

CVE-2026-22077 affects OPPO Wallet. A trusted-domain validation flaw enables bypass of protected interface access, which can lead to account token hijacking and sensitive information disclosure. The CVSS 4.0 vector indicates local attack vector, high confidentiality impact, and no user interactio...

PT-2026-35352

A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The...

PT-2026-35363

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...

CVE-2026-31561 x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

CVE-2026-31470

A flaw was found in the Linux kernel's TDX guest virtualization component. A malicious host can manipulate the 'quote' buffer length, allowing it to specify a response length larger than the guest's allocated memory. This can lead to information disclosure, where sensitive data beyond the intende...