Threat Feed

March 2026 (30)

critical advisory

Multiple Vulnerabilities in Fleet

Multiple vulnerabilities in Fleet allow an attacker to perform SQL injection, cause a denial of service, bypass security measures, disclose information, and execute arbitrary program code with administrator privileges.

fleet vulnerability sql-injection denial-of-service
critical advisory

Multiple Vulnerabilities in Grafana

Multiple vulnerabilities in Grafana allow a remote attacker to conduct a denial-of-service attack, execute code, or disclose information.

grafana vulnerability dos code-execution information-disclosure
medium advisory

Potential Abuse of msDS-ManagedAccountPrecededByLink for Privilege Escalation

Detection of PowerShell scripts modifying the msDS-ManagedAccountPrecededByLink attribute, potentially indicating exploitation of the BadSuccessor privilege escalation vulnerability in Windows Server 2025.

privilege-escalation defense-evasion persistence initial-access active-directory
high advisory

Langflow Vulnerability Allows File Manipulation

An authenticated, remote attacker can exploit a vulnerability in Langflow to manipulate files, potentially leading to unauthorized data modification or application compromise.

langflow file-manipulation vulnerability
critical advisory

ArthurFiorette steam-trader 2.1.1 Sensitive Information Exposure

CVE-2026-5128 exposes sensitive Steam account data via the /users API endpoint and logs in ArthurFiorette steam-trader 2.1.1, allowing account takeover.

cve-2026-5128 steam-trader information-disclosure credential-access account-takeover
high advisory

OpenBao Multiple Vulnerabilities Allow Security Bypass and XSS

An anonymous, remote attacker can exploit multiple vulnerabilities in OpenBao to bypass security measures or conduct cross-site scripting attacks.

openbao vulnerability security-bypass xss
high advisory

Multiple Vulnerabilities in Dovecot Mail Server

Multiple vulnerabilities in Dovecot can be exploited by an attacker to perform SQL injection attacks, bypass authentication, disclose sensitive information, or cause a denial-of-service condition.

dovecot vulnerability sql-injection authentication-bypass dos
high advisory

Internet Systems Consortium BIND Vulnerabilities Leading to Denial of Service

Multiple vulnerabilities in Internet Systems Consortium BIND can be exploited by a remote attacker to conduct a denial of service attack or bypass security measures.

dns denial-of-service bind
critical advisory

Multiple Vulnerabilities in NGINX and NGINX Plus

Multiple vulnerabilities in NGINX Plus and NGINX can be exploited by an attacker to perform a denial-of-service attack, manipulate data, bypass security measures, and potentially execute arbitrary program code, leading to significant impact.

nginx vulnerability denial-of-service code-execution webserver linux
critical advisory

Multiple Vulnerabilities in F5 BIG-IP and F5OS

Multiple vulnerabilities in F5 BIG-IP and F5OS allow an attacker to bypass security mechanisms, escalate privileges, cause a denial-of-service condition, perform a cross-site scripting attack, and disclose or manipulate information.

f5 big-ip f5os vulnerability
critical advisory

Gigabyte Control Center Arbitrary File Write Vulnerability

Gigabyte Control Center has an Arbitrary File Write vulnerability (CVE-2026-4415) that allows unauthenticated remote attackers to write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.

cve-2026-4415 arbitrary-file-write privilege-escalation code-execution gigabyte
high advisory

CVE-2026-2328 Unauthenticated Path Traversal Vulnerability

CVE-2026-2328 describes a vulnerability where an unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, leading to the exposure of sensitive information.

path-traversal vulnerability webserver
high advisory

Tinyproxy HTTP Chunked Encoding Integer Overflow Denial of Service

An integer overflow vulnerability in Tinyproxy's HTTP chunked transfer encoding parser (versions <= 1.11.3) allows an unauthenticated remote attacker to cause a denial of service by sending a crafted chunk size that bypasses validation, leading to resource exhaustion.

tinyproxy denial-of-service integer-overflow cve-2026-3945
medium advisory

CrowdStrike Falcon Cloud Security Advances CNAPP with Adversary-Informed Risk Prioritization

CrowdStrike Falcon Cloud Security enhances its CNAPP capabilities, incorporating adversary intelligence to prioritize cloud risks based on threat actor behavior, particularly focusing on groups like LABYRINTH CHOLLIMA and SCATTERED SPIDER, to enable security teams to understand and remediate cloud exposures more effectively.

Lazarus Group +10 cloud-security cnapp threat-intelligence
high advisory

Securing AI Agents and Governing Shadow AI

CrowdStrike is introducing new capabilities to secure AI agents and govern shadow AI across endpoints, SaaS, and cloud environments. These include detection and response (AIDR) for desktop AI applications, discovery of AI-related components, and runtime security for agents built in Microsoft Copilot Studio, securing the agentic interaction layer against attacks such as living off the AI land (LOTAIL).

AI agentic-soc shadow-ai
critical advisory

Compromised trivy-action GitHub Action Leads to Credential Theft

The aquasecurity/trivy-action GitHub Action was compromised via git tag repointing, injecting a multi-stage credential stealer into CI/CD pipelines, allowing for the theft of secrets and credentials.

supply-chain credential-theft github-actions
high advisory

GitLab Jira Connect Authentication Bypass Vulnerability (CVE-2026-2370)

GitLab CE/EE versions 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 are vulnerable to improper authorization checks in Jira Connect installations, allowing an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab application.

gitlab jira authentication authorization cve-2026-2370
critical advisory

Xiongmai DVR/NVR Root OS Command Injection Vulnerability (CVE-2026-34005)

Xiongmai DVR/NVR devices are vulnerable to root OS command injection (CVE-2026-34005) due to shell metacharacters in the HostName value, exploitable via an authenticated DVRIP request, potentially allowing arbitrary command execution with root privileges.

CVE-2026-34005 command-injection xiongmai dvr nvr
high advisory

OpenClaw Gateway Plugin Subagent Admin Scope Vulnerability

The openclaw package versions 2026.3.24 and earlier are vulnerable due to the gateway plugin subagent fallback `deleteSession` function dispatching `sessions.delete` with a synthetic `operator.admin` runtime scope, potentially leading to unauthorized session deletion.

openclaw vulnerability authorization
high advisory

Traefik gRPC Deny Rule Bypass Vulnerability (CVE-2026-33186)

A remote, unauthenticated attacker can bypass Traefik deny rules by sending malformed gRPC requests with a missing leading slash in the `:path` pseudo-header, exploiting a vulnerability in the gRPC-Go dependency, leading to unauthorized access if a fallback "allow" rule is configured.

traefik grpc authorization-bypass cve-2026-33186
high advisory

XPath Boolean Expression DoS Vulnerability

A vulnerability in the antchfx/xpath package allows for denial of service via CPU exhaustion by exploiting boolean expressions that evaluate to true, leading to an infinite loop.

xpath denial-of-service cve-2026-32287
critical advisory

Tenda FH1201 Stack-Based Buffer Overflow Vulnerability (CVE-2026-5046)

A stack-based buffer overflow vulnerability (CVE-2026-5046) in Tenda FH1201 version 1.2.0.14(408) allows remote attackers to execute arbitrary code by manipulating the GO argument in the formWrlExtraSet function of the /goform/WrlExtraSet component.

CVE-2026-5046 tenda buffer-overflow router
medium advisory

CrowdStrike Falcon Next-Gen SIEM Supports Third-Party EDR Tools

CrowdStrike's Falcon Next-Gen SIEM now supports third-party EDR solutions, starting with Microsoft Defender, to extend AI-native SOC capabilities without replacing existing endpoint agents.

siem edr threat-intelligence
critical advisory

Belkin F9K1122 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability (CVE-2026-5044) in Belkin F9K1122 version 1.00.33 allows remote attackers to execute arbitrary code by manipulating the 'webpage' argument in the formSetSystemSettings function, potentially leading to complete system compromise.

cve-2026-5044 buffer-overflow belkin router
high advisory

OpenClaw Credential Exposure via Leaked Pairing Codes

OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials in pairing setup codes, allowing attackers with access to leaked codes to reuse credentials and gain unauthorized access.

credential-access vulnerability openclaw
critical advisory

OpenClaw Bootstrap Code Replay Vulnerability (CVE-2026-32987)

OpenClaw before 2026.3.13 is vulnerable to a replay attack during device pairing verification, allowing attackers to repeatedly verify a bootstrap code and escalate privileges to operator.admin.

replay-attack privilege-escalation device-pairing
high advisory

OpenClaw Code Execution via Script Modification (CVE-2026-32979)

OpenClaw before 2026.3.11 is vulnerable to an approval integrity issue (CVE-2026-32979) allowing attackers to execute arbitrary code by modifying approved local scripts before they are executed.

cve-2026-32979 code-execution openclaw
medium advisory

OpenClaw Insufficient File Permissions Vulnerability (CVE-2026-33572)

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents and extract sensitive information.

cve-2026-33572 file-permissions credential-access
critical advisory

OpenClaw Exec Allowlist Bypass via POSIX Path Overmatching (CVE-2026-32973)

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability (CVE-2026-32973) due to improper normalization of patterns, allowing attackers to execute unintended commands via wildcard matching in POSIX paths.

cve-2026-32973 openclaw allowlist-bypass
high advisory

OpenClaw Feishu Webhook Authentication Bypass (CVE-2026-32974)

OpenClaw before 2026.3.12 is vulnerable to an authentication bypass in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing unauthenticated network attackers to inject forged Feishu events and trigger downstream tool execution.

authentication-bypass webhook cve-2026-32974