12491 matches found
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: buildah-fips, prometheus-podman-exporter, nvidia-container-toolkit, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, podman-fips, node-feature-discovery, sriov-network-device-plugin-fips, k8s-device-plugin, node-feature-discovery-fips...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: buildah-fips, prometheus-podman-exporter, nvidia-container-toolkit, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, podman-fips, node-feature-discovery, sriov-network-device-plugin-fips, k8s-device-plugin, node-feature-discovery-fips...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: sriov-network-device-plugin, k8s-device-plugin, nvidia-container-toolkit, rancher-agent, node-feature-discovery...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: sriov-network-device-plugin, k8s-device-plugin, nvidia-container-toolkit, rancher-agent, node-feature-discovery...
WordPress MotorDesk plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin MotorDesk versions <= 1.1.2...
Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass
Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...
CVE-2026-10651
A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt_sdp_parse_attribute() accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an additiona...
CVE-2026-10651 Bluetooth Classic SDP parser truncation bug in bt_sdp_parse_attribute() leads to reachable assertion and possible out-of-bounds read
A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt_sdp_parse_attribute() accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an additiona...
CVE-2026-10651
CVE-2026-10651 affects Zephyr's Bluetooth Classic SDP parser (subsys/bluetooth/host/classic/sdp.c), where bt_sdp_parse_attribute() reads a 3-byte attribute (1-byte type, 2-byte id) but then unconditionally pulls an extra value type byte without verifying remaining length. A truncated 3-byte at...
On-Premises API Security on Kubernetes: What It Actually Looks Like in Practice
Let’s Talk About Where Your APIs Actually Run Quick answer: On-premises API security keeps API discovery, detection, and enforcement inside your own perimeter instead of a third-party cloud—the model regulated industries need. Deploying it natively on Kubernetes sidecar sensors → a discovery...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: A potential reference count leak has been fixed in ndisc_router_discovery(). This issue occurs on specific paths within the function. After the objects rt and neigh are successfully acquired, when lifetime is non-zero but the...
Astra Linux – Vulnerability in wpa
A vulnerability was discovered in the way p2p/p2p_pd.c in wpa_supplicant before version 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. This could lead to denial of service or other impacts, potentially including the execution of arbitrary code, if an attacker is within range of the...
Astra Linux – Vulnerability in bluez
In BlueZ before version 5.55, a double-free error was detected in the gatttool disconnect_cb() routine from the shared/att.c file. A remote attacker could potentially cause a denial of service or code execution during service discovery, due to the redundant disconnect MGMT event...
Oracle Enterprise Manager Cloud Control (June 2026 CSPU)
The 13.5 and 24.1 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Target...
Devolutions Server <= 2026.1.21 / 2026.2.0 <= 2026.2.5 Multiple Vulnerabilities (DEVO-2026-0017)
The version of Devolutions Server installed on the remote host is 2026.1.21 or earlier, or 2026.2.0 through 2026.2.5. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in PAM account discovery results in Devolutions Server 2026.2.5,...
CVE-2026-20246
creationtimestamp | type | source
---|---|---
2026-06-17 18:50:57+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moiy75gbak2f
2026-06-17 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1928
...
WordPress Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Authenticated (Contributor+) Sensitive Information Exposure vulnerability discovered by se1en in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.7.5...
CVE-2026-46832
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Discovery Framework. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise...
PT-2026-50609
Name of the Vulnerable Software and Affected Versions: Drupal core (affected versions not specified). Description: The Media module supports oEmbed, which utilizes two discovery mechanisms: providers.json and URL discovery. The URL discovery code can be exploited to trick the system into making...
EUVD-2026-37200
Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...