CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

EUVD-2026-34824

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

MINI-HP2M-P3MF-256M

Bulletin has no description...

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

Important: Red Hat Security Advisory: postgresql-jdbc security update

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

Security update for postgresql-jdbc (important)

openSUSE security update: security update for postgresql-jdbc ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20847-1 Rating: important References: bsc1264174 Cross-References: CVE-2026-42198 CVSS scores: CVE-2026-42198 SUSE : 7.5...

OPENSUSE-SU-2026:20847-1 Security update for postgresql-jdbc

This update for postgresql-jdbc fixes the following issue - CVE-2026-42198: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication bsc1264174...

CVE-2026-6478

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

SUSE SLES15 Security Update : postgresql-jdbc (SUSE-SU-2026:2028-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2028-1 advisory. This update for postgresql-jdbc fixes the following issue - CVE-2026-42198: client-side denial of service via malicious SCRAM-SHA-256...

Malicious code in class-blend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3876854a76bda6892f76b9b44c67e066bfc6315a7e3d27431137727ff0ee728 The package advertises itself as a clsx/twMerge-style class-name merging utility, but the exported applyGlobalStylespalette, accents function contain...

MAL-2026-4576 Malicious code in hardhat-gas-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71b0b8dd866d9c1f4516f4e537a2d61ea3cbe87f06b0195a24c0dea76fef44c0 This package typosquats the widely-used hardhat-gas-reporter Hardhat plugin matching its cache filename .hardhatgasreporteroutput.json and replicatin...

Astra Linux - уязвимость в firefox, thunderbird

When importing an SPKI RSA public key as an ECDSA P-256 key, the key is handled incorrectly, causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

Astra Linux - уязвимость в 389-ds-base

A heap overflow flaw was discovered in 389-ds-base. This issue causes a denial of service when writing a value larger than 256 characters in logentryattr...

Astra Linux - уязвимость в qemu

In QEMU versions up to 8.0.0, a division by zero can occur in the scsidiskreset function in hw/scsi/scsi-disk.c. This occurs because scsidiskemulatemodeselect does not prevent the s-qdev blocksize from being 256. This causes QEMU and the guest to stop functioning immediately...

CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

EUVD-2026-30880

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

Taking Cryptography out of the Data Path Via Near-Memory Processing in DRAM

Cryptographic algorithms such as AES-128 and SHA-256 are fundamental to ensuring data security and integrity. Although these algorithms are computationally efficient, their performance is often constrained by the processor-centric architectures e.g., CPUs, GPUs, primarily due to the memory...

Unbounded 32-bit allocation

Both the SSH agent server and client accepted peer-controlled frame lengths without enforcing a maximum frame size. This could cause large memory allocations while parsing a maliciously crafted agent frame. A malicious peer could advertise an oversized frame length, causing the client or server t...

CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

PT-2026-40923

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description A covert timing channel exists during the comparison of...