Gitea Container Registry Exposes Private Images to Unauthenticated Attackers
A critical access control vulnerability (CVE-2026-27771) has been disclosed in Gitea's built-in container registry, allowing any unauthenticated remote attacker to...
A critical access control vulnerability (CVE-2026-27771) has been disclosed in Gitea's built-in container registry, allowing any unauthenticated remote attacker to...
A critical vulnerability (CVE-2026-45695, CVSS 9.8) was disclosed affecting Kopia, the open-source backup and restore tool, allowing attackers to achieve...
A max-severity vulnerability (CVE-2026-45829, CVSS 10.0) was disclosed affecting ChromaDB, the widely used open-source vector database for AI applications, allowing...
A critical vulnerability (CVE-2026-46354, CVSS 9.1) was disclosed affecting Coder, a popular open-source remote development platform, allowing attackers to steal...
Executive Summary Security researchers disclosed new exploitation techniques for the previously documented “PoolSlip” vulnerability affecting NGINX, demonstrating that earlier mitigations...
Executive Summary A highly critical vulnerability (CVE-2026-9082, Drupal risk score 20/25) was disclosed affecting Drupal core versions 8.9.0 through 11.3.9,...
Table of contentsAttack OverviewTechnical CapabilitiesAffected Packages and ExposureRecommended RemediationIncident StatusPotential ImpactHow can Orca help? A critical supply chain attack compromised...
Table of contentsExecutive Summary: PII, Medical Records, and Credentials at RiskThe Rise of Vector Databases and Their Blind SpotsThe Root...
Table of contentsExecutive SummaryVulnerability DetailsWhy This MattersAffected Systems and Proof of Concept (PoC)Recommended MitigationExploitation Risk and Threat OutlookPotential ImpactHow can...