Aggregator

Submit #825419 / VDB-367572

A vulnerability classified as critical has been found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. This vulnerability is cataloged as CVE-2026-10277. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. It is suggested to install a patch to address this issue.

Submit #825418 / VDB-367571

A vulnerability described as critical has been identified in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. This vulnerability is listed as CVE-2026-10276. The attack may be performed from remote. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #825416 / VDB-367570

A vulnerability marked as critical has been reported in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. This vulnerability is tracked as CVE-2026-10275. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is recommended to apply a patch to fix this issue.

Гигантская спираль блекнет на пути к самой знаменитой черной дыре Вселенной.

Submit #825412 / VDB-367569

Submit #825403 / VDB-367568

Submit #825402 / VDB-367231

演示一个不那么优美但能用的解法，抛砖引玉。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A threat actor using the alias 2019 claims to have leaked a database allegedly belonging to Hampr, an Australian workplace food and catering management platform used by businesses to organise office meals, corporate catering, pantry supplies, and workplace events.

作为一个一行安卓代码也看不懂的人，用Claude Code和Codex花了40亿token，从架构到交互到UI到图标，把一个停更多年的开源项目重构成了一个全新的双开工具。

A vulnerability, which was classified as critical, has been found in Oracle PeopleSoft Enterprise PeopleTools 8.58/8.59. This affects an unknown function of the component Security. Performing a manipulation results in improper input validation. This vulnerability is cataloged as CVE-2021-44832. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Oracle Retail Customer Insights 15.0.2/16.0.2. The impacted element is an unknown function of the component Other. The manipulation results in improper input validation. This vulnerability is known as CVE-2021-44832. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Oracle Retail Data Extractor for Merchandising 15.0.2/16.0.2. This affects an unknown function of the component Installer. This manipulation causes improper input validation. This vulnerability is handled as CVE-2021-44832. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Oracle Retail EFTLink 17.0.2/18.0.1/19.0.1/20.0.1/21.0.0. This impacts an unknown function of the component Installation. Such manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2021-44832. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Oracle Retail Financial Integration 14.1.3.2/15.0.3.1/16.0.3/19.0.0/19.0.1. Affected is an unknown function of the component PeopleSoft Integration Bugs. Performing a manipulation results in improper input validation. This vulnerability was named CVE-2021-44832. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Oracle Retail Integration Bus 14.1.3.2/15.0.3.1/16.0.3/19.0.0/19.0.1. Affected by this vulnerability is an unknown functionality of the component RIB Kernal. Executing a manipulation can lead to improper input validation. The identification of this vulnerability is CVE-2021-44832. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.