ROS-20260524-73-0042

Vulnerability in mariadb10.6 related to bugs in security settings. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-21661

Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3...

PT-2026-36829

Name of the Vulnerable Software and Affected Versions FRRouting FRR versions stable/10.0 through stable/10.6 Description Missing input validation in the MP REACH NLRI component allows authenticated attackers to cause a Denial of Service DoS by supplying a crafted UPDATE message. Recommendations...

PT-2026-36875

Name of the Vulnerable Software and Affected Versions FRRouting FRR versions 10.0 through 10.6 Description An integer underflow occurs when a program calculates a value that is smaller than the minimum value the variable can hold, often wrapping around to a very large number. This issue allows...

EUVD-2026-27047

An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

CVE-2025-0186

CVE-2025-0186 describes a denial-of-service vulnerability in GitLab CE/EE where an authenticated user could exhaust server resources by crafted requests to a discussions endpoint. Affected versions include all 10.6-era releases before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1. The is...

Drupal 10.5.x < 10.5.9 / 10.6.x < 10.6.7 / 11.2.x < 11.2.11 / 11.3.x < 11.3.7 Multiple Vulnerabilities (drupal-2026-04-15)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.5.x prior to 10.5.9, 10.6.x prior to 10.6.7, 11.2.x prior to 11.2.11, or 11.3.x prior to 11.3.7. It is, therefore, affected by multiple vulnerabilities. - Drupal core's jQuery integration for AJA...

Security Bulletin: IBM DataPower Gateway vulnerable to Prototype Pollution

Summary The affected package is used by the DataPower UI Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWit...

CVE-2025-36373

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user...

PT-2026-29640

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

CVE-2026-1712

Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7...

Important: Red Hat Security Advisory: pki-deps:10.6 security update

An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated...

Important: Red Hat Security Advisory: pki-deps:10.6 security update

An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A...

MiracleLinux 8 : pki-core:10.6 (AXSA:2021-2369:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2369:01 advisory. pki-server: Dogtag installer pkispawn logs admin credentials into a world-readable log file CVE-2021-3551 The PKI installer pkispawn logs admin credentials...

MiracleLinux 8 : pki-core:10.6 (AXSA:2022-4440:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4440:01 advisory. pki-core: access to external entities when parsing XML can lead to XXE CVE-2022-2414 Tenable has extracted the preceding description block directly from the...

EUVD-2020-21042

Malware in sbrugna...

EUVD-2021-26254

Malware in sbrugna...

EUVD-2010-1151

Malware in sbrugna...

EUVD-2023-59686

Malicious code in bioql PyPI...

EUVD-2024-38636

Malicious code in bioql PyPI...