CVE-2026-40858 Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...

CVE-2026-40858

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...

PT-2026-35550

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

Insufficiently Protected Credentials

Overview org.springframework.ai:spring-ai-autoconfigure-model-transformers is a Spring AI ONNX Transformers Auto Configuration Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the default cache directory used by TransformersEmbeddingModel. An attacker c...

PT-2026-35558

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A path traversal issue exists in the ACP dispatch component. This allows remote attackers to read arbitrary files by manipulating inbound channel attachment paths, bypassing the root directory...

Linux Distros Unpatched Vulnerability : CVE-2026-31669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability...

PT-2026-35492

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the Linux kernel's KASAN Kernel Address Sanitizer component. The kasan free pxd function incorrectly assumes that the page table is always aligned with stru...

Linux Distros Unpatched Vulnerability : CVE-2026-31668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - seg6: separate dstcache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dstcache per encap route, shared between seg6inputcore and...

Unity Linux 20.1070e Security Update: freerdp (UTSA-2026-014305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014305 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in updatereadcachebitmaporder Function of FreeRDP's Core Library...

seg6: separate dst_cache for input and output paths in seg6 lwtunnel

...

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

Hickory DNS 安全漏洞

Hickory DNS is an open-source DNS client, server, and resolver built in Rust. Versions 0.1 to 0.25.2 of Hickory DNS contain security vulnerabilities. These vulnerabilities stem from cache data that is not directly associated with queries that trigger responses, allowing cross-region poisoning...

Exploit for CVE-2026-3844

CVE-2026-3844 — Breeze Cache move $tempgrava...

CLSA-2026-1776878817 squid: Fix of 13 CVEs

CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...

squid: Fix of 13 CVEs

CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...

SUSE CVE-2026-31577

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL iassocinode dereference in nilfsmdtsavetoshadowmap The DAT inode's btree node cache iassocinode is initialized lazily during btree operations. However, nilfsmdtsavetoshadowmap assumes iassocinode is already...

SUSE CVE-2026-31668

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dstcache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dstcache per encap route, shared between seg6inputcore and seg6outputcore. These two paths can perform the post-encap SID lookup ...

SUSE SLED15 / SLES15 Security Update : flatpak (SUSE-SU-2026:1600-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1600-1 advisory. - CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options bsc1261769. -...

Linux Distros Unpatched Vulnerability : CVE-2026-31577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nilfs2: fix NULL iassocinode dereference in nilfsmdtsavetoshadowmap The DAT inode's btree node cache iassocinode is initialized lazily during btree operations...