Langflow – Missing Authorization on download_image endpoint

The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download...

Botpress – Credential Disclosure via Twilio Webhook Handler

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, ...

Midday – Authorization Bypass

On Midday, the 'updateMember' tRPC mutation allows any authenticated team member to modify the role of any other member within...

mod_gnutls Multiple Vulnerabilities

Multiple vulnerabilities exist in mod_gnutls. CVE-2026-33307: Stack-based Buffer Overflow in Client Certificate Chain Processing. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5). A client certificate chain with more than 8...

[R1] Stand-alone Security Patch Available for Tenable OT version 4.2.40: tenable-ot-platform-137

Jason Schavel, Thu, 03/19/2026 - 15:06. An SSH misconfiguration exists in Tenable OT...

Google Cloud Platform (GCP) BigQuery Cross Tenant Data Sources Exfiltration through Canvas Assistant

The vulnerability stems from a flaw in how Gemini in BigQuery...

Delta Electronics COMMGR Multiple Vulnerabilities

Multiple vulnerabilities exist in Delta Electronics COMMGR version 2.11.0. Stack-based Buffer Overflow via Message 3 (CVE-2026-3630). CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 Critical). A specially crafted...

Nginx UI – Unauthenticated Backup Download with Encryption Key Disclosure

The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to...

Samsung MagicINFO Server Multiple Vulnerabilities

MagicINFO User Credential Disclosure (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). NOTE: Samsung mentioned this item may have been fixed with version 21.1090.1, but we were...

Google Cloud Platform (GCP) Eventarc PE to Service Agent with Pipelines

Tenable Research has identified and responsibly disclosed a critical privilege escalation vulnerability in...

Latest article

Amazon Cognito unlocks advanced capabilities with next-generation infrastructure

Amazon Cognito recently introduced high-throughput performance for demanding workloads, customer-managed keys for full control over data encryption at rest, and multi-Region replication for...

Gartner SRM 2026 Signals a Cybersecurity Shift From Prevention to Resilience

Gartner SRM 2026 put resilience, identity, and AI agent governance at the center of cybersecurity strategy as prevention loses ground.

Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites

Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts.

CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.