CVE: CVE-2026-58289
Vendor: Microsoft
CVSS: 9
Exploitation: Not available
Changed: 1 day ago
Description: Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE: GHSA-6xf4-794h-3f7w
Vendor: Microsoft
CVSS: 9.3
Exploitation: Not available
Changed: 1 day ago
Description: URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVE: CVE-2026-45499
Vendor: Microsoft
CVSS: 9.9
Exploitation: Not available
Changed: 1 day ago
Description: Server-side request forgery (SSRF) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
CVE: GHSA-29v8-q543-pf5w
Vendor: Microsoft
CVSS: 9.9
Exploitation: Not available
Changed: 1 day ago
Description: Server-side request forgery (SSRF) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
CVE: CVE-2026-45659
Vendor: Microsoft
CVSS: 8.8
Exploitation: N/A
Changed: 2 days ago
Description: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE: CVE-2026-20230
Vendor: Cisco
CVSS: 8.6
Exploitation: N/A
Changed: 3 days ago
Description: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
CVE: CVE-2026-12569
Vendor: PTC
CVSS: 9.3
Exploitation: N/A
Changed: 4 days ago
Description: A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. * This advisory also applies to all CPS versions * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030
CVE: GHSA-m93h-gjv2-fmq2
Vendor: Simplehelp
CVSS: 9.5
Exploitation: N/A
Changed: 4 days ago
Description: SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.
CVE: CVE-2026-33592
Vendor: open62541 project / o6 Automation GmbH
CVSS: 0.39
Exploitation: 0.39%
Changed: 2 days ago
Description: An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configuration. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
CVE: GHSA-qrcr-3862-9f4c
Vendor: OpenIDC
CVSS: 0.12
Exploitation: 0.12%
Changed: 2 days ago
Description: liboauth2 is vulnerable to Server-Side Request Forgery in the oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to alb_base_url without URL encoding or path sanitization, and the HTTP GET is issued before signature verification. This allows an attacker to force the server to send a GET request to an attacker-chosen internal path. This issue was fixed in version 2.3.0.
CVE: GHSA-3pf6-g4x4-jm46
Vendor: OpenIDC
CVSS: 0.13
Exploitation: 0.13%
Changed: 2 days ago
Description: In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof, but the oauth2_token_verify() function returns success for a malformed DPoP proof that embeds the private Elliptic Curve (EC) key in the header. This issue was fixed in version 2.3.0.
CVE: CVE-2026-11946
Vendor: open62541 project / o6 Automation GmbH
CVSS: 0.39
Exploitation: 0.39%
Changed: 2 days ago
Description: An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configurations. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.