PT-2026-44122
Name of the Vulnerable Software and Affected Versions: Microsoft UFO version 3.0.1-4-ge2626659. Description: Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software accepts client-supplied session id values in WebSocket task messages and reuses...
CVE-2025-67903
Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from nfsd’s improper handling of request delays during the idmap search process. This issue may cause...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the caif driver failing to clear the client service pointers during disassembly. This could lead ...
PT-2026-44002
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 4.2.0 through 4.2.3. Description: The MQTT plugin in RabbitMQ allows topic-level authorization using regular expressions with variable substitution. When administrators use patterns like ^client id-sensors$ to restrict access,...
RabbitMQ security vulnerability
RabbitMQ is an open-source, feature-rich multi-protocol message and streaming media broker. Versions of RabbitMQ from 4.2.0 to 4.2.4 contained a security vulnerability. This vulnerability stemmed from the use of regular expressions for variable substitutions in topic-level authorization within th...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak itself. There is a security vulnerability in Keycloak. This vulnerability arises when authenticated low-privilege users can send excessively large SubjectToken JWT tokens to the TokenEndpoint. When the token...
UFO³ security vulnerability
UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a security vulnerability. This vulnerability arises from the reuse of existing sessionid, leading to the return of expired results, which may resul...
UFO³ security vulnerability
UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains security vulnerabilities. These vulnerabilities stem from the WebSocket control plane’s reliance on identity and role fields provided by clients,...
PT-2026-43966
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the caif_connect function where a client is torn down after a remote shutdown by calling caif_disconnect_client and caif_free_client. The caif_free_client function...
PT-2026-43839
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A Use-After-Free (UAF) and double free issue exists in the SMB client. The problem occurs within the smb2_open_file function when retrying SMB2 open. If the data variable is not null, a UA...
PT-2026-44120
Name of the Vulnerable Software and Affected Versions: Microsoft UFO version 3.0.1-4-ge2626659. Description: Microsoft UFO creates a single shared UFOWebSocketHandler instance that is reused across multiple authenticated WebSocket connections. The handler stores protocol objects for each connection ...
CVE-2025-67903
CVE-2025-67903 affects Northern.tech Mender Client 5 prior to 5.0.4. The vulnerability is a cryptographic signature verification bypass. The provided documents do not include details on the root cause, vulnerable components beyond the client, or a confirmed remediation/patch version. No exploitat...
Linux Distros Unpatched Vulnerability : CVE-2026-46098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: caif: clear client service pointer on teardown: caif_connect can tear down an existing client after remote shutdown by calling caif_disconnect_client followed ...
CVE-2026-46740
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2026-46740 Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2026-45574
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept all SOAP traffic. This includes patient...