K000156761: BIG-IP and BIG-IQ Configuration utility vulnerability CVE-2026-41957

Security Advisory Description An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. CVE-2026-41957 Impact This vulnerability may allow an authenticated attacker with network access to the Configuration utility throu...

Vulnerability concealment in Fortinet FortiAuthenticator

Fortinet has identified a vulnerability in FortiAuthenticator. This vulnerability relates to incorrect access control in FortiAuthenticator, allowing attackers to execute unauthorized code or commands. This occurs due to insufficient restrictions in the access control mechanism within the softwar...

CLSA-2026-1778233384 openssh: Fix of CVE-2026-35386

CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to validruser...

openssh: Fix of CVE-2026-35386

CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to validruser...

CVE-2026-6965

The CVE-2026-6965 entry concerns Tutor LMS

SUSE CVE-2026-7813

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

SUSE CVE-2026-43350

In the Linux kernel, the following vulnerability has been resolved: smb: client: require a full NFS mode SID before reading mode bits parsedacl treats an ACE SID matching sidunixNFSmode as an NFS mode SID and reads sid.subauth2 to recover the mode bits. That assumes the ACE carries three...

SUSE CVE-2026-43403

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces...

SUSE CVE-2026-43439

In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to cset-mgtasks via: listmovetail&task-cglist, &cset-mgtasks; If a csstaskiter...

EUVD-2026-29870

Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated...

CVE-2025-28344

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack...

Striso Control Firmware 安全漏洞

Striso Control Firmware is an open-source MPE MIDI controller firmware developed by Striso. Version 54c9722 of Striso Control Firmware contains a security vulnerability, which stems from a buffer overflow in the AuxJack function...

MAL-2026-3651 Malicious code in ms-graph-types (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

PT-2026-40703

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from configuring the VRR timing before enabling TRANSDDIFUNCCTL. This vulnerability may cause the ICL...

Garmin WDU 安全漏洞

Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic equipment. Versions 1.1.6 and 2.5.0 of Garmin WDU contain security vulnerabilities. These vulnerabilities stem from the ability to allow cross-source WebSocket...

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes features such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there were...

Characterizing AI-Assisted Bot Traffic in Darknet Data: Implications for ICS and IIoT Security

The rise of automated scanning tools and AI assisted reconnaissance agents has significantly altered internet background traffic patterns, threatening the baseline assumptions underlying intrusion detection systems IDS deployed in critical infrastructure networks. This paper characterizes the...

U-SPEED AC1200 安全漏洞

The U-SPEED AC1200 is a Gigabit dual-band Wi-Fi router produced by the U-SPEED company. The U-SPEED AC1200 Gigabit Wi-Fi Router T18-21K V1.0 version has a security vulnerability. This vulnerability stems from improper access control; the UART interface exposed by the device lacks an authenticatio...

protobuf.js 输入验证错误漏洞

protobuf.js is a pure JavaScript implementation of the protobuf.js project, open source. It provides a protocol buffer implementation that supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions of protobuf.js...