23244 matches found
ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
ADB formerly Pirelli Broadband Solutions P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service device restart as demonstrated by a direct request to 1...
[SECURITY] Fedora 44 Update: log4cxx-1.7.0-2.fc44
Log4cxx is a popular logging package written in C++. One of its distinctive features is the notion of inheritance in loggers. Using a logger hierarchy it is possible to control which log statements are output at arbitrary granularity. This helps reduce the volume of logged output and minimize the...
[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43
UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...
CVE-2026-57218 RabbitMQ: AMQP 0-9-1 in combination with OAuth 2: consumer persistence can lead to post-revocation message disclosure
RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter CVE-2026-43499 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...
[SECURITY] Fedora 44 Update: opkssh-0.15.0-2.fc44
OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like aliceaexample.com ins tead of long-lived SSH keys...
CVE-2026-56359
n8n prior to 2.8.0 contains a cross-site scripting vulnerability in the credential management flow. Authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields, enabling crafted credentials to cause the victim, who clicks the OAuth authorization button...
nginx security, bug fix, and enhancement update
An update is available for nginx. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other protocols, with a...
Amazon Linux 2 : libxml2, --advisory ALAS2-2026-3785 (ALAS-2026-3785)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3785 advisory. Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a...
Important: util-linux
Issue Overview: Integer Overflow or Wraparound in libblkid/src/partitions/dos.c CVE-2026-53615 Affected Packages: util-linux Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
Medium: opensc
Issue Overview: A flaw has been found in OpenSC up to 0.26.1. This affects the function testkpgencertwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The...
Important: expat
Issue Overview: In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. CVE-2026-56132 Affected Packages: expat Note: This advisory is applicable to...
GHSA-XJMJ-P278-4JP5 vulnerabilities
Vulnerabilities for packages: openstack-nova-2025.2...
PYSEC-2026-996 TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
Impact When tensorflow::fulltype::SubstituteFromAttrs receives a FullTypeDef& t that is not exactly three args, it triggers a CHECK-fail instead of returning a status. cpp Status SubstituteForEachAttrMap& attrs, FullTypeDef& t DCHECKEQt.argssize, 3; const auto& cont = t.args0; const auto& tmpl =...
CVE-2026-8309
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Reflected XSS. This issue affects Access Control System GKS: before Version 2...
nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service...
CVE-2026-14716
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...
CVE-2026-14716 nextlevelbuilder GoClaw WebSocket RPC router.go MethodRouter.Handle authorization
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 CVE-2025-5777 vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and...
CVE-2026-27435
creationtimestamp| type| source ---|---|--- 2026-07-01 10:52:45+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpldyxfiem2r 2026-07-01 11:37:52+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mplgjmmcz222 2026-07-01 13:12:45+00:00| seen|...