CGA-RGG4-2V53-M65X
Bulletin has no description...
PT-2026-35352
A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The...
Apache Airflow Security Bypass Vulnerability
Apache Airflow is the Apache Software Foundation's (United States) open-source platform for creating, managing and monitoring workflows. The platform offers scalability and dynamic monitoring, among other features. Apache Airflow has a security bypass vulnerability that stems from...
CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inet_res, inet_db modules allows DNS Cache Poisoning. The built-in DNS resolver inet_res uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...
CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login
Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and...
A Mysterious Numbers Station Is Broadcasting Through the Iran War
First heard as US and Israeli strikes on Iran began, the shortwave broadcast has since been traced to a US military base in Germany—but its purpose and its operator remain unclear...
Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005187)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005187 advisory. In the Linux kernel, the following vulnerability has been resolved: net: lapb: increase LAPB_HEADER_LEN. It is unclear if net/lapb code is supposed to be ready for 8021...
CVE-2026-1059
A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The manipulation of the argument Username leads to SQL injection. The attack can be carried...
MAL-2026-61 Malicious code in oj-sp-common (npm)
Source: amazon-inspector 4192506d43fafb67a79ea826406a174aa2d05bfc74c3df203366e1ec7cdce0af. The package oj-sp-common was found to contain malicious code. Source: ghsa-malware 0321cb6ed931a42d70b5f2e4cf235b07bd7ce205d6781729c28cfe5475a1ad9b. A...
CVE-2025-15110 jackq XCMS Backend ProductImageController.class.php upload unrestricted upload
A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...
AI teddy bear for kids responds with sexual content and advice about weapons
In testing, FoloToy’s AI teddy bear jumped from friendly chat to sexual topics and unsafe household advice. It shows how easily artificial intelligence can cross serious boundaries. It’s a fair moment to ask whether AI-powered stuffed animals are appropriate for children. It’s easy to get swept u...
PT-2025-47026
Name of the Vulnerable Software and Affected Versions: General Industrial Controls Lynx+ Gateway (affected versions not specified). Description: The embedded web server lacks critical authentication, potentially allowing a remote attacker to reset the device. This could lead to a complete remote...
EUVD-2004-2575
Malware in sbrugna...
advisories
It is an advisory repository for undisclosed vulnerabilities. Th...
EUVD-2025-31627
Malicious code in bioql PyPI...
EUVD-2023-25551
Malicious code in bioql PyPI...
CVE-2025-34228
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The /var/www/app/consolerelease/lexmark/update.php script is reachable from the internet...