9458 matches found
CVE-2025-61310
A reflected XSS vulnerability (CVE-2025-61310) affects the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The root cause is an unfiltered variable value that allows injected JavaScript to execute in a user’s browser. CVSS v3.1 base score is 6.1 (Medium) ...
CVE-2025-61314
A reflected cross-site scripted XSS vulnerability in the dfm-menuorderopt.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.5 to 2026.4.20 contained a security vulnerability. This vulnerability was caused by environmental variable injection, which could lead to the dotenv workspace overriding...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017478)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017478 advisory. A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, usi...
CVE-2025-61312
CVE-2025-61312 is a reflected XSS in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The vulnerability arises from unfiltered input in a variable value, allowing an attacker to inject arbitrary Javascript to be executed in a user’s browser. Connected d...
Wireshark MCP 路径遍历漏洞
Wireshark MCP is a network packet intelligence analysis tool developed by Bpple’s individual developer. Versions of Wireshark MCP 1.1.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the wiresharkexportobjects MCP tool accepting a destdir parameter controlle...
CVE-2025-61305
CVE-2025-61305 describes a reflected XSS in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The root cause is that an unfiltered variable value can be crafted by an attacker to inject arbitrary Javascript and execute it in a victim’s browser. This vul...
PT-2026-39681
OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX API HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization header...
Operationalizing Cybersecurity Governance for Mitigation Planning with Attack-Path Modeling and Reinforcement Learning
We address a fundamental challenge in cybersecurity operations of translating governance frameworks into actionable mitigation decisions under realistic resource constraints. Frameworks such as the NIST Cybersecurity Framework CSF provide widely adopted measures of organizational maturity, but do...
EUVD-2026-28935
ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins...
AI-Accelerated Brute Force Cryptanalysis
Modern cryptography is hinged on "not learning from mistakes": trying numerous wrong keys, should not help one identify the right key. Indeed, it worked -- until recently when the surprising power of AI to see pattern in apparent randomness has turned the 'wrong plaintexts' generated by the 'wron...
GHSA-WFR5-454P-MJC2 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured
Summary The OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. If a network attacker can Man-in-the-Middle MitM the...
Improper Certificate Validation
Overview OpenTelemetry.Exporter.Instana is an Instana Exporter for OpenTelemetry .NET Affected versions of this package are vulnerable to Improper Certificate Validation in the ConfigureBackendClient process when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. An attack...
CVE-2026-43291
A flaw was found in the Linux kernel's Near Field Communication NFC NCI subsystem. Incorrect parameter validation for variable-length packet data can lead to communication failures with NCI NFC chips. This issue, stemming from an attempt to prevent access to uninitialized data, results in a Denia...
EUVD-2026-28561
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...
CVE-2026-43291
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...
CVE-2026-43291
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...
UBUNTU-CVE-2026-43291
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...
CVE-2026-43291 net: nfc: nci: Fix parameter validation for packet data
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...
CVE-2026-43291
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...