Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.7 CVE-2026-58652

luci-app-travelmate – Arbitrary Command Execution via UCI Script Parameter_CVE-2026-58652

luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL...

openwrt luci-app-travelmate 2.4.5-r3 CVE
MEDIUM 5.4 CVE-2026-4772

Stored XSS in TR7’s WAF-ASP_CVE-2026-4772

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Store...

TR7 Cyber Defense Inc. WAF-ASP v1.0.324.900 CVE
MEDIUM 4.6 CVE-2026-4770

DOM-Based XSS in TR7’s WAF-ASP_CVE-2026-4770

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. Web Application Fire...

TR7 Cyber Defense Inc. WAF-ASP v1.0.42.239 CVE
CRITICAL 9.8 CVE-2026-4767

Improper Access Control in TR7’s WAF-ASP_CVE-2026-4767

Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF...

TR7 Cyber Defense Inc. WAF-ASP v1.0.324.900 CVE
NONE THN:425C8F77D2E...

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API_THN:425C8F77D2E775E794A788739D4B6222

N/A N/A THN
NONE SCHNEIER:E75959...

Cybersecurity Mission Creep in the US_SCHNEIER:E759596C7E656DDAABCCFE50B4F0D1BE

Interesting paper: "Cybersecurity Mission Creep." > **Abstract:** Cybersecurity is experiencing mission creep. Policymakers are casting more and m...

N/A N/A SCHNEIER
NONE HACKREAD:E56D6B...

Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation_HACKREAD:E56D6B8E8719F548D5BBEDBAE6A485A9

A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in...

N/A N/A HACKREAD
NONE THN:952025EBFDC...

Identity Lifecycle Management Wasn’t Built for AI Agents_THN:952025EBFDC8E034F24F24D839ADBC97

N/A N/A THN
CRITICAL 10 A03A5F4B-FAEF-

vuln-research-mcp_A03A5F4B-FAEF-5645-B215-DA2D4B834049

Vulnerability Research MCP Server A vulnerability research MCP server designed for penetration testing experts. It integrates multiple vulnerabilit...

N/A N/A GITHUBEXPLOIT
MEDIUM 5.1 CVE-2026-54431

Improper Data Validation in liboauth2_CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. R...

OpenIDC liboauth2 CVE