๐จ CVE-2026-0275
A local privilege escalation vulnerability in Palo Alto Networks Prismaยฎ Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges.
This issue only affects Prismaยฎ Browser on macOS.
๐@cveNotify
A local privilege escalation vulnerability in Palo Alto Networks Prismaยฎ Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges.
This issue only affects Prismaยฎ Browser on macOS.
๐@cveNotify
Palo Alto Networks Product Security Assurance
PAN-SA-2026-0010 Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026)
Palo Alto Networks incorporated the following Chromium security fixes into our products:
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
* https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
๐จ CVE-2026-0277
An improper certificate validation vulnerability in the Prismaยฎ Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic.
The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
๐@cveNotify
An improper certificate validation vulnerability in the Prismaยฎ Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic.
The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected.
๐@cveNotify
Palo Alto Networks Product Security Assurance
CVE-2026-0277 Prisma Access Agent: Improper Certificate Validation on iOS
An improper certificate validation vulnerability in the Prismaยฎ Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic.
The Prisma Access Agent...
The Prisma Access Agent...
๐จ CVE-2026-0278
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.
The Prisma Access Agent on macOS is not affected.
๐@cveNotify
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.
The Prisma Access Agent on macOS is not affected.
๐@cveNotify
Palo Alto Networks Product Security Assurance
CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.
The Prisma Access Agen...
The Prisma Access Agen...
๐จ CVE-2026-15270
A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made available to the public and could be used for attacks.
๐@cveNotify
A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made available to the public and could be used for attacks.
๐@cveNotify
ๆ ่ท่็ Notion on Notion
DIR823G V1.0.2B05_20181207 | Notion
Misconfiguration in DIR823G
๐จ CVE-2026-53550
js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing (<<) by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block a Node.js worker/event loop for seconds with a relatively small payload (tens of KB), resulting in denial of service. The issue is in merge handling inside lib/loader.js. This vulnerability is fixed in 4.2.0 and 3.15.0.
๐@cveNotify
js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing (<<) by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block a Node.js worker/event loop for seconds with a relatively small payload (tens of KB), resulting in denial of service. The issue is in merge handling inside lib/loader.js. This vulnerability is fixed in 4.2.0 and 3.15.0.
๐@cveNotify
GitHub
Quadratic-complexity DoS in merge key handling via repeated aliases
### Summary
A crafted YAML document can trigger algorithmic CPU exhaustion in `js-yaml` merge-key processing (`<<`) by repeating the same alias many times in a merge sequence.
This causes...
A crafted YAML document can trigger algorithmic CPU exhaustion in `js-yaml` merge-key processing (`<<`) by repeating the same alias many times in a merge sequence.
This causes...
๐จ CVE-2026-44936
Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.
๐@cveNotify
Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.
๐@cveNotify
GitHub
CVE-2026-44936 - GitHub Advisory Database
Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml
๐จ CVE-2026-44937
Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.
๐@cveNotify
Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.
๐@cveNotify
GitHub
Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components
### Impact
A vulnerability has been identified in Fleet when the webhook endpoint is configured without a secret; an attacker can forge webhook requests. The attacker doesn't need to know the ...
A vulnerability has been identified in Fleet when the webhook endpoint is configured without a secret; an attacker can forge webhook requests. The attacker doesn't need to know the ...
๐จ CVE-2026-58203
pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry inside secrets_dir that is a symbolic link pointing outside secrets_dir is followed, so files outside the configured directory are read into settings values. The same code path bypasses the documented secrets_dir_max_size protection. An attacker or lower-privileged component able to influence entries in the configured secrets directory (for example, a writable or shared secrets mount) can turn this into an unintended local file read into settings and can defeat the advertised loading-size cap. This vulnerability is fixed in 2.14.2.
๐@cveNotify
pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry inside secrets_dir that is a symbolic link pointing outside secrets_dir is followed, so files outside the configured directory are read into settings values. The same code path bypasses the documented secrets_dir_max_size protection. An attacker or lower-privileged component able to influence entries in the configured secrets directory (for example, a writable or shared secrets mount) can turn this into an unintended local file read into settings and can defeat the advertised loading-size cap. This vulnerability is fixed in 2.14.2.
๐@cveNotify
GitHub
NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
### Summary
`NestedSecretsSettingsSource` reads secret values from files in a configured `secrets_dir`. When `secrets_nested_subdir=True`, a directory entry inside `secrets_dir` that is a symbolic...
`NestedSecretsSettingsSource` reads secret values from files in a configured `secrets_dir`. When `secrets_nested_subdir=True`, a directory entry inside `secrets_dir` that is a symbolic...
๐จ CVE-2026-59937
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0.
๐@cveNotify
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0.
๐@cveNotify
GitHub
SEC: Speed up recovery when reading broken cross-reference table (#3887) ยท py-pdf/pypdf@b5fc5aa
Replaces the regex-based search per object number by a string-based
parse of the full file in the first problematic call and re-using this
cached data for further problematic calls.
parse of the full file in the first problematic call and re-using this
cached data for further problematic calls.
๐จ CVE-2026-59938
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0.
๐@cveNotify
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0.
๐@cveNotify
GitHub
SEC: Apply general limit for requested image size (#3888) ยท py-pdf/pypdf@c64583b
A pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files - SEC: Apply general limit for requested image size (#3888) ยท py-pdf/pypdf@c64583b
๐จ CVE-2026-59935
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issue is fixed in version 6.14.2.
๐@cveNotify
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issue is fixed in version 6.14.2.
๐@cveNotify
GitHub
SEC: Avoid infinite loops for incomplete ASCII85 and ASCIIHex inline โฆ ยท py-pdf/pypdf@5a33a46
โฆimages (#3892)
๐จ CVE-2026-59936
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1.
๐@cveNotify
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1.
๐@cveNotify
GitHub
SEC: Detect end of stream during inline image end marker detection (#โฆ ยท py-pdf/pypdf@ec3b145
โฆ3891)
๐จ CVE-2026-13151
GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls.
๐@cveNotify
GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls.
๐@cveNotify
๐จ CVE-2026-13320
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper sanitization of user-supplied input.
๐@cveNotify
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper sanitization of user-supplied input.
๐@cveNotify
๐จ CVE-2026-6352
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper authorization on certain GraphQL operations.
๐@cveNotify
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper authorization on certain GraphQL operations.
๐@cveNotify
๐จ CVE-2026-6896
GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser session due to improper sanitization of user-supplied input.
๐@cveNotify
GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser session due to improper sanitization of user-supplied input.
๐@cveNotify
๐จ CVE-2026-7492
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross-project reference pages.
๐@cveNotify
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross-project reference pages.
๐@cveNotify
โค1
๐จ CVE-2026-8858
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.
๐@cveNotify
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.
๐@cveNotify
Ibm
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilitiesโฆ
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and a denial of service when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component.
๐จ CVE-2026-9072
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.
๐@cveNotify
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.
๐@cveNotify
Ibm
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilitiesโฆ
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and a denial of service when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component.
๐จ CVE-2026-10852
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
๐@cveNotify
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
๐@cveNotify
Ibm
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilitiesโฆ
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and a denial of service when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component.
๐จ CVE-2025-45422
Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules.
๐@cveNotify
Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules.
๐@cveNotify