Aggregator

A vulnerability was found in FreePBX up to 16.0.19/17.0.4. It has been rated as critical. Affected by this issue is some unknown functionality of the component Recordings Module. Performing a manipulation results in os command injection. This vulnerability is identified as CVE-2026-28287. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability marked as problematic has been reported in Gogs up to 0.14.1. Impacted is an unknown function. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-26195. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic has been found in Gogs up to 0.14.1. The impacted element is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-26022. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Tata Consultancy Services Cognix Recon Client 3.0. It has been declared as critical. This affects an unknown function. The manipulation results in missing authentication. This vulnerability is identified as CVE-2026-26418. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as critical has been reported in Tata Consultancy Services Cognix Recon Client 3.0. This affects an unknown part. The manipulation leads to weak password recovery. This vulnerability is documented as CVE-2026-26417. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in Tata Consultancy Services Cognix Recon Client 3.0. This impacts an unknown function. Such manipulation leads to authorization bypass. This vulnerability is documented as CVE-2026-26416. The attack can be executed remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Wincor Nixdorf wnBios64.sys 1.2.0.0. This affects an unknown part of the component IOCTL Handler. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2025-70616. The attack is only possible within the local network. No exploit exists.

A vulnerability was found in ellite Wallos up to 4.6.1. It has been classified as critical. Impacted is an unknown function of the file testwebhooknotifications.php. This manipulation causes server-side request forgery. This vulnerability is registered as CVE-2026-30839. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in ellite Wallos up to 4.6.1. This affects an unknown part of the component Avatar Deletion Endpoint. Performing a manipulation results in missing authorization. This vulnerability was named CVE-2026-30842. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in ellite Wallos up to 4.6.1. The affected element is an unknown function of the component URL Parameter Handler. The manipulation results in path traversal: '\..\filename'. This vulnerability was named CVE-2026-30828. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in ellite Wallos up to 4.6.1. The impacted element is an unknown function of the component Notifications Handler. This manipulation causes server-side request forgery. The identification of this vulnerability is CVE-2026-30840. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Freedom Factory dGEN1 up to 20260221. It has been declared as problematic. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to improper authorization. This vulnerability appears as CVE-2026-3671. The attack requires local access. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. This vulnerability is listed as CVE-2026-3672. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability described as problematic has been identified in bluewave-labs Checkmate up to 3.3.x. Affected by this issue is some unknown functionality of the file /api/v1/status-page/:url of the component Endpoint. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2026-30829. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability has been found in Freedom Factory dGEN1 up to 20260221 and classified as critical. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. This vulnerability is cataloged as CVE-2026-3674. The attack must be initiated from a local position. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Are Your Non-Human Identities Leaving Your Cloud Environment Vulnerable? Understanding the significant challenges faced by organizations in managing Non-Human Identities (NHIs) and Secrets Security Management is crucial. One might ask why these concerns have gained prominence. With industries increasingly embrace digital transformation, these machine identities have become critical components in cybersecurity, creating unique challenges and […]

The post What makes secrets management key to safe Agentic AI appeared first on Entro.

The post What makes secrets management key to safe Agentic AI appeared first on Security Boulevard.

Are You Confident in Your NHI Lifecycle Strategy? The advent of cutting-edge technologies in cloud environments has accentuated the importance of Non-Human Identities (NHIs) in cybersecurity. Why do NHIs matter so much, and what steps can organizations take to establish a confident and comprehensive NHI lifecycle strategy? The answers, while not always simple, lie in […]

The post How do I build a confident NHI lifecycle strategy appeared first on Entro.

The post How do I build a confident NHI lifecycle strategy appeared first on Security Boulevard.

How Can Organizations Effectively Protect Non-Human Identities Online? Are your machine identities adequately protected against cyber threats? Where the integrity of digital identity is paramount, the protection of Non-Human Identities (NHIs) requires more than just a basic understanding of cybersecurity. NHIs, integral to online security, demand a comprehensive approach to ensure their protection across diverse […]

The post What methods ensure NHIs are fully protected online appeared first on Entro.

The post What methods ensure NHIs are fully protected online appeared first on Security Boulevard.

Why Small and Mid-Size Businesses Need CIAM in 2026 (And Why the Cost Objection No Longer Holds)

The post Why Small and Mid-Size Businesses Need CIAM in 2026 (And Why the Cost Objection No Longer Holds) appeared first on Security Boulevard.