[R2] Tenable Network Monitor 6.5.4 Fixes Multiple Vulnerabilities

Jason Schavel, Thu, 05/14/2026 - 13:00. Tenable Network Monitor leverages third-party software to help provide underlying...

aria2c Improper Certificate Validation

Tenable Research discovered that aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a...

wget2 Improper Certificate Validation

Tenable Research discovered that wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If...

Spring AI SQL Injection in PgVectorStore and friends

PgVectorStore, OracleVectorStore, and CouchbaseSearchVectorStore concatenate filter expression output directly into SQL without parameterization, enabling tenant isolation...

[R1] Nessus Versions 10.11.4 and 10.12.0 Fixes Arbitrary File Deletion

Jason Schavel, Thu, 04/23/2026 - 14:30. A vulnerability has been identified in Nessus on...

[R1] Nessus Agent Version 11.1.3 Fixes Arbitrary File Deletion

Jason Schavel, Thu, 04/23/2026 - 14:10. A vulnerability has been identified in Nessus Agent on...

Yuma AI – Unauthenticated personal data and order information disclosure

A vulnerability was identified in Yuma AI Chat AI (a chatbot), a SaaS solution...

Microsoft GitHub Repository Windows-driver-samples Workflow Remote Code Execution

The GitHub public repository at https://github.com/microsoft/Windows-driver-samples has a GitHub Action configured which allows for Remote Code...

Flowise – Path Traversal in Vector Store basePath

The Faiss and SimpleStore (LlamaIndex) vector store implementations accept a basePath parameter from user-controlled input and...

Flowise – Cypher Injection in GraphCypherQAChain

The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker...

Latest article

Amazon Cognito unlocks advanced capabilities with next-generation infrastructure

Amazon Cognito recently introduced high-throughput performance for demanding workloads, customer-managed keys for full control over data encryption at rest, and multi-Region replication for...

Gartner SRM 2026 Signals a Cybersecurity Shift From Prevention to Resilience

Gartner SRM 2026 put resilience, identity, and AI agent governance at the center of cybersecurity strategy as prevention loses ground.

Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites

Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts

CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.