CVE-2026-50226
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...
CLSA-2026-1772572505 munge: Fix of CVE-2026-25506
CVE-2026-25506: fix buffer overflow in message parsing and add bounds checks and input validation for address length; prevent leak of cryptographic MAC subkey and forging of arbitrary credentials...
USN-8040-1 munge vulnerability
Titouan Lazard discovered that MUNGE contained an exploitable buffer overflow in munged, the MUNGE authentication daemon. A local attacker could possibly use this issue to forge MUNGE credentials, leading to arbitrary code execution...
[SECURITY] [DLA 4477-1] munge security update
Debian LTS Advisory DLA-4477-1 https://www.debian.org/lts/security/ Thorsten Alteholz February 10, 2026 https://wiki.debian.org/LTS ...
CVE-2025-67508
gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...
Honeywell Products Authorization Issue Vulnerability
Honeywell Products is a family of products from Honeywell USA. An authorization issue vulnerability exists in Honeywell PM43 versions prior to P10.19.050004, which stems from the presence of a session fixation vulnerability that allows for the forgery of session credentials via prediction...