Browsing: Alerts

Synopsis The Twilio integration webhook handler accepts any POST request without validating Twilio’s ‘X-Twilio-Signature’.When processing media messages, it fetches user-controlled…

CVSSv3 Score: 5.5 An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability [CWE-22] in FortiSOAR Agent…

MS-ISAC ADVISORY NUMBER:2025-109DATE(S) ISSUED:11/24/2025OVERVIEW:Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary…

Serial number: AV26-293Date: March 27, 2026 On March 26, 2026, Microsoft published a security update to address vulnerabilities in the…

MS-ISAC ADVISORY NUMBER:2025-110DATE(S) ISSUED:11/24/2025OVERVIEW:A vulnerability has been discovered SonicOS, which could allow for Denial of Service (DoS). SonicOS is the…

The Qualys Threat Research Unit (TRU) discovered several vulnerabilitiesin Apparmor. Details can be found in the Qualys advisory athttps://www.qualys.com/2026/03/10/crack-armor.txtFor the…

Disclosure Timeline Jan 20, 2026 : Initial contact Jan 27, 2026 : Second attempt Feb 04, 2026 : Third attempt…

CVSSv3 Score: 5.0 An authentication bypass by spoofing [CWE-290] vulnerability in FortiWeb protected hostname feature may allow a remote unauthenticated…

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) vulnerability in the affected products allows a remote attacker…

For the oldstable distribution (bookworm), these problems have been fixedin version 146.0.7680.153-1~deb12u1.For the stable distribution (trixie), these problems have been…