CVE ID :CVE-2026-9255 Published : May 22, 2026, 4:38 p.m. | 2 hours, 42 minutes ago Description :Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands,…
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets…
CVE ID :CVE-2026-48248 Published : May 21, 2026, 6:16 p.m. | 59 minutes ago Description :Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for…
CVE ID :CVE-2026-48249 Published : May 21, 2026, 6:16 p.m. | 59 minutes ago Description :Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for…
CVE ID :CVE-2026-48242 Published : May 21, 2026, 6:16 p.m. | 59 minutes ago Description :Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed…
CVE ID :CVE-2026-48246 Published : May 21, 2026, 6:16 p.m. | 59 minutes ago Description :Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for…
CVE ID :CVE-2026-48247 Published : May 21, 2026, 6:16 p.m. | 59 minutes ago Description :Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for…
CVE ID :CVE-2026-20223 Published : May 20, 2026, 5:16 p.m. | 1 hour, 55 minutes ago Description :A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the…
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native…
CVE ID :CVE-2026-8598 Published : May 20, 2026, 4:16 p.m. | 2 hours, 54 minutes ago Description :An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about…