9 matches found

Github Security Blog
added 2026/05/07 12:6 a.m. · 7 views

Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications

Impact: Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...

CVSS 6.3 · AI score 6 · EPSS 0.00108
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2026/03/17 7:16 p.m. · 5 views

CVE-2026-3207

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

CVSS 9.8 · EPSS 0.00053
Exploits: 0 · References: 1
CVE
added 2026/03/17 6:20 p.m. · 3 views

CVE-2026-3207

The CVE concerns TIBCO BPM Enterprise (4.x) JMX security: a configuration issue allows unauthorized access. Affected component is Java Management Extensions (JMX) handling in BPM Enterprise. The CVSS v4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N, CIA impacts: Confidentiality HIGH, Integrity HIGH, Availab...

CVSS 9.8 · AI score 5.8 · EPSS 0.00053
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2025/11/25 10:18 p.m. · 1 views

JLSEC-2025-301 A flaw was found in tiffcrop, a program distributed by the libtiff package

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff...

CVSS 6.1 · AI score 6.1 · EPSS 0.00021
Exploits: 1 · References: 4
CNNVD
added 2021/01/11 12:0 a.m. · 2 views

Espressif ESP-IDF Buffer Error Vulnerability

Espressif ESP-IDF is an IoT development framework from China's Lexin Information Technology Espressif. A buffer error vulnerability exists in Espressif ESP-IDF, which can be exploited by attackers to crash an application. The following products and versions are affected: Espressif ESP-IDF 2.x,...

CVSS 7.5 · AI score 7.2 · EPSS 0.00354
Exploits: 0 · References: 3
Citrix
added 2017/09/08 12:0 a.m. · 3 views

You can change the Elastic Layer repository in the registry without reimaging (4.x)

...

AI score 7.2
Exploits: 0
Japan Vulnerability Notes
added 2017/07/14 4:38 a.m. · 2 views

Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries

Overview: AttacheCase is an open source file encryption software provided by HiBARA Software. It can also create self-extracting encrypted files. Self-extracting encrypted files created by AttacheCase contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...

CVSS 9.3 · AI score 6.8 · EPSS 0.00136
Exploits: 0 · References: 8
CNVD
added 2016/11/30 12:0 a.m. · 1 views

DBD::mysql content misreference vulnerability

DBD::mysql is a Perl5 Database Interface DBI driver for MySQL. A content misreference vulnerability exists in DBD::mysql version 3.x and version 4.x prior to 4.041. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS 8.1 · AI score 9.5 · EPSS 0.00499
Exploits: 0 · References: 1
Positive Technologies
added 1999/04/01 12:0 a.m. · 2 views

PT-1999-1160 · Unknown +2 · Midnight Commander +1

Name of the Vulnerable Software and Affected Versions: Midnight Commander versions 4.x Description: The issue allows local attackers to conduct a denial of service with a symlink attack. Recommendations: For Midnight Commander versions 4.x, at the moment, there is no information about a newer...

CVSS 10 · AI score 7.4 · EPSS 0.08278
Exploits: 2 · References: 36