2479 matches found

Nuclei
added yesterday, 59 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

CVSS: 10, AI score: 7.4, EPSS: 0.42551
Exploits: 1, References: 3

Nuclei
added yesterday, 63 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...

CVSS: 10, AI score: 7.4, EPSS: 0.43866
Exploits: 1, References: 3

Nuclei
added yesterday, 58 views

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

CVSS: 10, AI score: 7.6, EPSS: 0.39335
Exploits: 1, References: 4

Chainguard
added 3 days ago, 4 views

GHSA-MPWR-8VM7-H73F vulnerabilities

Vulnerabilities for packages: external-secrets-fips, external-secrets-operator-fips, crossplane-provider-azure-authorization, grafana-fips, x509-certificate-exporter-fips, nuclei, crossplane-provider-azure-sql, crossplane-provider-azure-signalrservice, nfpm,...

AI score: 5.8
Exploits: 0

Chainguard
added 3 days ago, 4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: kuma, trivy, traefik, coder-fips, prometheus-elasticsearch-exporter, knative-serving-fips, opentofu, opentofu-fips, external-dns, coder, prometheus-operator, kubescape, argo-cd, vitess, nerdctl, knative-kafka-broker-fips, argocd-image-updater-fips, omnictl-multiarch,...

AI score: 5.8
Exploits: 0

Wolfi
added 3 days ago, 4 views

GHSA-MPWR-8VM7-H73F vulnerabilities

Vulnerabilities for packages: nfpm, telegraf, external-secrets-operator, nuclei, crossplane-provider-azure-authorization, goreleaser, grafana, cert-manager, splunk-otel-collector, crossplane-provider-azure-sql, x509-certificate-exporter...

AI score: 5.8
Exploits: 0

Wolfi
added 3 days ago, 4 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: nfpm, zarf, rootlesskit, flux, gomplate, kargo, ko, cosign, flux-image-automation-controller, kyverno, gitlab-runner, kots, argocd-image-updater, age, snyk-cli, terragrunt, flux-kustomize-controller, syft, argo-cd, chisel, spire-server, cert-manager,...

AI score: 5.8
Exploits: 0

Wolfi
added 3 days ago, 5 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: kubescape, zarf, loki, flux, gitea, flux-image-automation-controller, k9s, kyverno, knative-serving, kots, kubernetes-dashboard, aactl, nerdctl, external-dns, argocd-image-updater, containerd, skaffold, snyk-cli, rancher, telegraf, osv-scanner, zot, argo-cd, chisel,...

AI score: 5.8
Exploits: 0

Wolfi
added 3 days ago, 4 views

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: loki, flux, kyverno, knative-serving, kots, kubernetes-dashboard, aactl, nerdctl, external-dns, containerd, snyk-cli, rancher, telegraf, zot, argo-cd, spire-server, cert-manager, prometheus-operator, rancher-agent, vitess, fscrypt, kine, teleport, prometheus, istio,...

AI score: 5.8
Exploits: 0

RedHat Linux
added 4 days ago, 4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: opentelemetry-collector-contrib: opentelemetry-collector-contrib-0.155.0-0.1.hum1 aarch64, x86_64 opentelemetry-collector-contrib-0.155.0-0.1.hum1.src src...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00559
Exploits: 0, References: 3

EUVD
added 5 days ago, 4 views

EUVD-2026-38873

In the Linux kernel, the following vulnerability has been resolved: af_unix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AF_UNIX GC. When a socket in SOCKMAP receives skb with inflight fd, sk_psock_verdict_data_ready looks up the mapped socket and enqueues skb to its...

AI score: 5.7, EPSS: 0.00129
Exploits: 0, References: 3

CVE
added 5 days ago, 8 views

CVE-2026-53005

CVE-2026-53005 affects the Linux kernel af_unix SOCKMAP feature. The issue arises from improper handling of SCM attributes when data is passed to SOCKMAP, enabling a use-after-free and inflight-file-descriptor leaks due to inability of GC paths to inspect psock queues after skb redirection. Multi...

CVSS: 7.8, AI score: 5.7, EPSS: 0.00129
Exploits: 0, References: 2

Cvelist
added 5 days ago, 26 views

CVE-2026-53005 af_unix: Drop all SCM attributes for SOCKMAP.

In the Linux kernel, the following vulnerability has been resolved: af_unix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AF_UNIX GC. When a socket in SOCKMAP receives skb with inflight fd, sk_psock_verdict_data_ready looks up the mapped socket and enqueues skb to its...

CVSS: 7.8, EPSS: 0.00129
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00291
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nf_tables: clone set element expression template. The memcpy function breaks when using connlimit in set elements. Use nft_expr_clone to initialize the connlimit expression list; otherwise, the connlimit garbage collect...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00232
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Firefox

If array shift operations are not used, the Garbage Collector may become confused regarding valid objects. This vulnerability affects Firefox versions less than 101...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00346
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: ipset: Fixed issues related to region locking in hash types. Region locking introduced in v5.6-rc4 included three macros for handling region locks: - ahash_bucket_start: Takes back the start and end hash bucket values...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00127
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Certain types of allocations lacked annotations that, if the Garbage Collector was in a specific state, could have led to memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...

CVSS: 8.8, AI score: 7.2, EPSS: 0.0083
Exploits: 0, References: 2

NVD
added 2026/06/17 5:16 p.m., 11 views

CVE-2026-32652

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

CVSS: 7.8, EPSS: 0.00098
Exploits: 0, References: 1

Cvelist
added 2026/06/17 3:29 p.m., 20 views

CVE-2026-32652

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

CVSS: 7.8, EPSS: 0.00098
Exploits: 0, References: 1