CLSA-2026-1779374454 Fix of 7 CVEs

SECURITY UPDATE: multiple security fixes - debian/patches/CVE-2026-41284.patch: add a configurable maxRequestBodySize init-param to the WebDAV servlet to bound LOCK/PROPFIND XML request bodies; reject oversized bodies with 413 Request Entity Too Long. Includes the upstream...

CLSA-2026-1779373661 iperf3: Fix of CVE-2024-26306

CVE-2024-26306: use OAEP padding instead of PKCS1 padding for OpenSSL to address timing side-channel in RSA authentication. Note: peers running patched and unpatched iperf3 will fail to authenticate unless the legacy behavior is explicitly opted into via --use-pkcs1-padding on both ends...

CVE-2025-13477

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

CVE-2026-1816

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...

EUVD-2026-31288

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...

CVE-2026-1816

TEİAŞ’s Mobile Application is affected by CVE-2026-1816: an improper restriction of excessive authentication attempts that enables brute-force attacks. Affected versions are 1.6.2 up to 1.13 (not inclusive). The CVSS 3.1 baseline is 6.3 (MEDIUM) with network attack vector, low privileges required...

Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network...

Azure Resource Manager Elevation of Privilege Vulnerability

Improper authentication in Azure Resource Manager ARM allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-44053

A flaw was found in Netatalk. Weak cryptography in the dhcast128 User Authentication Module UAM allows a remote attacker to potentially compromise the confidentiality and integrity of data. This vulnerability could enable unauthorized access to sensitive information or allow for the manipulation ...

CVE-2026-44061

A flaw was found in Netatalk. This vulnerability involves the DES-ECB Data Encryption Standard - Electronic Codebook authentication mechanism, which is susceptible to a timing side channel attack. A remote attacker could potentially exploit this timing difference during authentication to gain...

CVE-2026-44073

A flaw was found in Netatalk. A remote attacker with low privileges could exploit a vulnerability where the seteuid system call failure is ignored within authentication modules. This oversight may allow the attacker to perform unauthorized actions, leading to a low impact on confidentiality,...

CVE-2026-44057

A flaw was found in Netatalk. A dead bounds check in the Spotlight RPC unmarshaller may allow a remote authenticated attacker to obtain limited information. This vulnerability is triggered by sending crafted Spotlight RPC requests, leading to an information disclosure...

Secure Identity at the Edge: Akamai Partners with Auth0

The Akamai and Auth0 partnership secures identity at the edge by combining edge intelligence and adaptive authentication to stop fraud and enhance user trust...

CVE-2025-13477 OTP Bypass in Digital Operation Services' WifiBurada

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

EUVD-2025-209910

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

CVE-2025-13477

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

CVE-2025-13477

The CVE-2025-13477 entry concerns WifiBurada (Digital Operations Services Inc.) with an Authentication Bypass due to Insufficiently Protected Credentials, exposing private data. Affected through 21052026; CVSS 3.1 base score 7.1 (HIGH) with Network attack vector, low complexity, low privileges re...

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

CLSA-2026-1779365436 samba: Fix of CVE-2021-20251

CVE-2021-20251: fix race condition in the password lockout code that allowed determined attackers to exceed the configured bad-password count by issuing concurrent authentication / SAMR password-change requests for the same account; the bad-password-count read and the follow-up increment now run...

Exploit for CVE-2026-45829

🚨 CVE-2026-45829 - ChromaDB Pre-Auth RCE Critical Remote...