CVE-2025-12694

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...

CVE-2025-12694 Local Privilege Escalation in VPN Client

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...

CVE-2025-12694

Forcepoint VPN Client for Windows is affected by a local privilege escalation (CVE-2025-12694) that allows a local non-administrative user to escalate privileges to SYSTEM. Affected versions: Windows client 6.11.3 and prior. The vulnerability is local with low attack complexity and no user intera...

Hacking Meta’s AI Chatbot

Hackers are convincing Meta's AI support chatbot to let them take over other peoples' accounts: A video posted on X showed the step-by-step process to hack someone's Instagram account. The hacker allegedly used a VPN to spoof the targets' presumed location to avoid triggering Instagram's automate...

CVE-2026-50206 VPN Command Injection Vulnerability

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

EUVD-2026-34218

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

CVE-2026-50206

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

CVE-2026-50206

CVE-2026-50206 affects VPN network profile handling where special characters in config files are not safely processed, enabling command injection. Root cause: improper sanitization or parsing of config entries leads to execution of injected commands when reading malicious config files. Documented...

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

PT-2026-46157

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

PT-2026-46132

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomize password job exists solely ...

PT-2026-46182

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...

Security Bulletin: CockroachDB PostgreSQL for IBM VPC is vulnerable to SQL injection when executing special statements (CVE-2026-9837)

Summary CockroachDB PostgreSQL for IBM VPC is vulnerable to SQL injection when executing special statements CVE-2026-9837 Vulnerability Details CVEID:CVE-2026-9837 DESCRIPTION: CockroachDB PostgreSQL for IBM VPC is vulnerable to SQL injection when executing special statements. CWE:CWE-89: Imprope...

EUVD-2026-34033

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

CVE-2026-8936

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

CVE-2026-8936

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

Dstack-Capsule: Pod-Level Remote Attestation for Confidential Workloads on Kubernetes

The rise of LLM-as-a-Service and other confidential cloud workloads demands cryptographic proof that user data is processed in a trusted, untampered environment. Existing solutions, notably Confidential Containers CoCo, enforce a strict "one Pod per VM" model that attests only the Guest OS stack,...

kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild

A flaw was found in the Linux kernel's ice network driver. A local attacker could exploit a race condition during the Virtual Station Interface VSI rebuild process. This flaw occurs when the Precision Time Protocol PTP periodic work attempts to access uninitialized memory, leading to a NULL point...

CVE-2026-34193

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...