CVE-2026-27736

BigBlueButton Open Redirect CVE-2026-27736 affects the 3.x branch before version 3.0.20. The vulnerability arises because the errorRedirectUrl string is not validated and is used directly in respondWithRedirect, enabling an open redirect. The issue is fixed in BigBlueButton 3.0.20. No exploitatio...

CVE-2026-20107 Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...

CVE-2026-20107

The CVE concerns Cisco Application Policy Infrastructure Controller (APIC) in the Object Model CLI. A vulnerability in the CLI input validation could allow an authenticated, local attacker with any role granting CLI access to issue crafted commands and trigger a device reload, causing a DoS. Affe...

CVE-2026-20127 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication a...

CVE-2026-20127

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...

CVE-2026-20127 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication a...

Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...

kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF

A flaw was found in the Linux kernel's xHCI eXtensible Host Controller Interface driver. This vulnerability allows data loss or buffer Use-After-Free UAF due to a race condition during isochronous Ring Underrun/Overrun event handling...

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

CVE-2025-67860

NeuVector scanner (CVE-2025-67860) is affected: the scanner process accepts registry and controller credentials via command-line arguments, potentially exposing sensitive credentials to local users. Root cause: credentials handled in command-line context. Impact: limited confidentiality risk (Low...

Important: Red Hat Security Advisory: RHTAS - Tech Preview Release Of the Policy Controller Operator

The Tech Preview release of the RHTAS Policy Controller Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Policy Controller Operator can be used with OpenShift Container Platform 4.16, 4.17,...

CVE-2026-3052

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. ...

kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF

A flaw was found in the Linux kernel's xHCI eXtensible Host Controller Interface driver. This vulnerability allows data loss or buffer Use-After-Free UAF due to a race condition during isochronous Ring Underrun/Overrun event handling...

kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in connection handling

A flaw was found in the Linux kernel's Bluetooth subsystem. A use-after-free UAF vulnerability exists in the hcidisconnectallsync function. This can occur if a Bluetooth connection is deleted while a controller event is being processed concurrently. A local attacker could potentially exploit this...

PT-2026-21940

Name of the Vulnerable Software and Affected Versions Cisco Application Policy Infrastructure Controller APIC affected versions not specified Description A flaw exists in the Object Model CLI component that may allow an authenticated, local attacker to trigger an unexpected reload of the device,...

Harvester 安全漏洞

Harvester is a modern, open, interoperable, Kubernetes-based hyper-converged infrastructure HCI solution developed by harvesterhci. Harvester has a security vulnerability, which stems from the scanner process accepting registry and controller credentials as command-line parameters, potentially...

PT-2026-21954

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Controller affected versions not specified Cisco Catalyst SD-WAN Manager affected versions not specified Description A flaw in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller and Manager allows an...