PT-2026-36525
Name of the Vulnerable Software and Affected Versions eProsima Micro-XRCE-DDS Agent version 3.0.1 Description A remote attacker can cause a denial of service by sending a specially crafted packet containing an invalid value in any Boolean field. Recommendations At the moment, there is no...
CVE-2026-6539
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
Intro A sophisticated, high-resilience malicious campaign was identified by the Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating...
Debian dsa-6234 : pdns-recursor - security update
The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6234 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6234-1 [email protected] https://www.debian.org/securit...
OPENSUSE-SU-2026:10631-1 distribution-registry-3.1.0-1.1 on GA media
These are all security issues fixed in the distribution-registry-3.1.0-1.1 package on the GA media of openSUSE Tumbleweed...
JLSEC-2026-220 The X.509 GeneralName type is a generic type for representing different types of names. One of...
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrect...
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lea...
PT-2026-37272
Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z Description A path traversal issue in the ReadMultiple internode storage-REST endpoint allows an attacker with the cluster root JWT to read files outside the...
Linux Distros Unpatched Vulnerability : CVE-2026-31595
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI: endpoint: pci-epf-vntb: Stop cmdhandler work in epf_ntb_epc_cleanup Disable the delayed work before clearing BAR mappings and doorbells to avoid running the...
GHSA-82J2-J2CH-GFR8 rustls-webpki: Denial of service via panic on malformed CRL BIT STRING
Summary bit_string_flags in src/der.rs panics with an index-out-of-bounds when given a BIT STRING whose content is exactly one byte, 0x00: zero padding bits, zero data bytes. This is reachable through the public API BorrowedCertRevocationList::from_der via the issuingDistributionPoint CRL extension...
org.apache.dolphinscheduler:dolphinscheduler-dist (>=3.3.2 <=3.4.0), org.apache.dolphinscheduler:dolphinscheduler-standalone-server (>=3.0.0 <=3.0.6) potentially affected by CVE-2026-23902 via org.apache.dolphinscheduler:dolphinscheduler-api (>=3.0.0-alpha <=3.4.0)
org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =3.0.0-alpha, =3.3.2, =3.0.0, =3.0.6 Source cves: CVE-2026-23902 Source advisory: SNYK:JAVA-ORGAPACHEDOLPHINSCHEDULER-16431736...
Rigorous Security Proofs for Practical Quantum Key Distribution
This thesis is concerned with rigorous security analyses of practical Quantum Key Distribution QKD protocols, using a variety of modern proof techniques. The main results are as follows. First, we establish a security proof for variable-length QKD protocols against IID collective attacks, and...
Reachable panic in certificate revocation list parsing
A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::from_der or OwnedCertRevocationList::from_der. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of an IssuingDistributionPoint CRL...
[SECURITY] [DSA 6225-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6225-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2026 https://www.debian.org/security/faq -...
cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +625 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.2)
org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...
PT-2026-34527
Summary The extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0...
PT-2026-34530
A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::from_der or OwnedCertRevocationList::from_der. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of an IssuingDistributionPoint CRL...
Linux Distros Unpatched Vulnerability : CVE-2026-6060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be kill...
FakeWallet crypto stealer spreading through iOS apps in the App Store
In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets. The infected ap...
Debian dsa-6217 : luanti - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6217 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6217-1 [email protected] https://www.debian.org/securit...