CVE-2026-7163

CVE-2026-7163 affects the Assisted-service REST API in the Multicluster Engine (MCE) used with Red Hat ACM/MCE on-prem deployments. An authenticated user with minimal namespace privileges can obtain administrative credentials (the kubeadmin password) and kubeconfig for any cluster provisioned thr...

CVE-2026-7163 Assisted-service: assisted-service: authenticated users can gain administrative access to openshift clusters via credential disclosure

A vulnerability in the assisted-service REST API, an optional Assisted Installer assisted-service component in the Multicluster Engine MCE, allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub...

EUVD-2018-21838

Tenda W3002R/A302/W309R wireless routers version V5.07.64en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted...

WordPress Advanced Form Integration plugin <= 1.126.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Idan Vaknin in WordPress Plugin Advanced Form Integration versions = 1.126.12...

Important: Red Hat Security Advisory: RHACS 4.8.11 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

Important: Red Hat Security Advisory: RHACS 4.8.11 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

CVE-2026-7154

Technical details about CVE-2026-7154 are not publicly available in the provided documents. No confirmed affected products, versions, or fixes are stated here. Monitor for updates from official advisories.

CVE-2025-54505

A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality...

CVE-2025-54505

A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality...

CVE-2025-54505

A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality...

AMD CPU 安全漏洞

AMD CPUs are a series of CPUs produced by Advanced Microelectronics Devices, Inc. AMD. There are security vulnerabilities in AMD CPUs, which stem from transient execution issues in the floating-point divider units. These vulnerabilities may allow local user privilege attackers to disclose data,...

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a command injection vulnerability. This vulnerability stems from improper handling of the parameter ttyserver in the setAdvancedInfoShow function within the CGI...

ALSA: fireworks: bound device-supplied status before string array lookup

...

[SECURITY] Fedora 44 Update: kddockwidgets-2.4.0-7.fc44

Qt dock widget library written by KDAB, suitable for replacing QDockWidget and implementing advanced functionalities missing in Qt...

CVE-2026-31550

A flaw was found in the Linux kernel's bcm2835-power component. An insufficient timeout during the ASB Advanced System Bus bridge control process, particularly under heavy system load, can prevent the V3D graphics processor from properly disabling. This can leave the V3D in an unstable state,...

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency CISA has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance ASA software was compromised in September 2025 with a new malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K....

CVE-2025-62104

Technical details about CVE-2025-62104 are not publicly available in the provided documents; monitor for updates.

USN-8203-1: Linux kernel (Oracle) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8179-3: Linux kernel vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8183-2 linux-aws, linux-aws-6.17, linux-hwe-6.17, linux-oracle, linux-oracle-6.17 vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...