CVE-2026-35679
Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs.
CVE-2026-2645
In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affe…
CVE-2025-13333
IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.
CVE-2026-1486
A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFro…
CVE-2025-66607
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The response header
contains an insecure setting. Users could be redirected to malicious sites by
an attacker.
The
affected products and versions…
CVE-2025-66603
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The web server accepts
the OPTIONS method. An attacker could potentially use this information to carry
out other attacks.
The
affected products an…
CVE-2025-66601
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
specify MIME types. When an attacker performs a content sniffing attack,
malicious scripts could be executed.
The
affected p…
CVE-2025-66600
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product lacks
HSTS (HTTP Strict Transport Security) configuration. When an attacker performs
a Man in the middle (MITM) attack, communications w…
CVE-2025-69234
Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
CVE-2025-62002
BullWall Ransomware Containment considers the number of files modified to trigger detection. An authenticated attacker could encrypt a single (possibly large) file without triggering detection if thresholds are configured to require multipl…
CVE-2025-66323
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-58308
Vulnerability of improper criterion security check in the call module.
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2025-62585
Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
CVE-2025-62583
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
CVE-2025-25255
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.…
CVE-2025-31969
HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.
CVE-2025-59147
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic send…
CVE-2025-10457
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching.
CVE-2025-43262
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. USB Restricted Mode may not be applied to accessories connected during boot.
CVE-2025-32086
Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local…