๐ CVE-2026-22730 - High (8.8)
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands.
The vulnerability exists due to missing input sanitization.
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-22730/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-22729 - High (8.6)
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is ...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-22729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-32606 - High (7.6)
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypte...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-32606/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-2603 - High (8.1)
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to com...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-2603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-2092 - High (7.7)
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exp...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-2092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-28500 - High (8.6)
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification m...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-28500/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2025-14031 - High (7.5)
IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes th...
๐ https://www.thehackerwire.com/vulnerability/CVE-2025-14031/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-22727 - High (7.5)
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing ...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-22727/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ด CVE-2026-21994 - Critical (9.8)
Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauth...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-21994/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-32838 - High (7.5)
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-32838/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
TheHackerWire