CVE-2026-0244 Prisma SD-WAN: Improper Certificate Validation Vulnerability

An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle MitM attacker to impersonate the controller...

EUVD-2026-30014

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spkmodeput The correct helper to use in rt1011recvspkmodeput to retrieve the DAPM context is sndsoccomponenttodapm, from kcontrol we will receive NULL pointer...

EUVD-2026-29892

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

BELL-CVE-2026-42501

Bulletin has no description...

CVE-2026-44582 Next.js: Cache poisoning via collisions in React Server Component cache-busting

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...

CVE-2026-44582

Next.js (React Server Components) versions 13.4.6–before 15.5.16 and 16.2.5 are vulnerable to cache poisoning in deployments using shared caches with insufficient response partitioning. The issue stems from collisions in the _rsc cache-busting value, which can cause an attacker to serve a poisone...

CVE-2026-44582 Next.js: Cache poisoning via collisions in React Server Component cache-busting

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...

CVE-2024-51394

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the APMSP::loop, APMSP, APMSP.cpp components...

CVE-2026-45028

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...

CVE-2026-45028 Astro: Server island encrypted parameters vulnerable to cross-component replay

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...

CVE-2026-45028 Astro: Server island encrypted parameters vulnerable to cross-component replay

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...

CVE-2026-45028

Astro prior to 6.1.10 used AES-GCM to protect server island props and slots but did not bind ciphertext to the target component/type, enabling replay of an encrypted props value as a slots value (and vice versa). This could cause XSS when overlapping prop/slot keys occur in dynamically rendered p...

CVE-2026-43478

CVE-2026-43478 affects the Linux kernel ASoC: codecs for the rt1011 driver. The vulnerability stems from using an incorrect helper to obtain the DAPM context in spk_mode_put(): the code should call snd_soc_component_to_dapm() , otherwise a NULL pointer may be returned from kcontrol. The connected...

CVE-2026-43478

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spkmodeput The correct helper to use in rt1011recvspkmodeput to retrieve the DAPM context is sndsoccomponenttodapm, from kcontrol we will receive NULL pointer...

RLSA-2026:15892 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

BELL-CVE-2026-43894

Bulletin has no description...

CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

CVE-2026-8201

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

NPM: Astro: Server island encrypted parameters vulnerable to cross-component replay

NPM: Astro: Server island encrypted parameters vulnerable to cross-component replay vulnerability discovered by ? in WordPress Npm astro versions 6.1.10...

EUVD-2026-30054

Astro: Server island encrypted parameters vulnerable to cross-component replay...