Zcash zcashd before version 6.12.0 fails to properly verify Sprout zero-knowledge proofs under certain conditions, allowing authenticated attackers to submit invalid transactions that could drain funds from the Sprout shielded pool. The vulnerability requires authenticated access and complex conditions to exploit, resulting in a low CVSS score of 3.5 despite the potential financial impact. No public exploit code or active exploitation has been confirmed.
CVE-2026-2645 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.
IBM WebSphere Application Server 9.0 and 8.5 could provide weaker than expected security during system administration of security settings. [CVSS 4.4 MEDIUM]
Keycloak's JWT authorization grant flow fails to verify that an Identity Provider is enabled before accepting tokens signed by its key, allowing attackers with a disabled IdP's signing credentials to obtain valid access tokens. This authentication bypass affects organizations that have disabled IdPs due to compromise or offboarding but retain the associated signing keys. An attacker can exploit this to gain unauthorized access to systems relying on Keycloak for authentication.
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. [CVSS 5.3 MEDIUM]
Yokogawa FAST/TOOLS has a second web server vulnerability involving improper cryptographic handling that weakens the security of SCADA communications.
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. [CVSS 6.1 MEDIUM]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport Security) configuration.
CVE-2025-66323 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Vulnerability of improper criterion security check in the call module. Rated high severity (CVSS 7.3); this vulnerability requires no authentication and has low attack complexity. No vendor patch is available.