PT-2026-39301
Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 8.4.1. Description: An open redirect issue in Snipe-IT allows attackers to redirect users to malicious websites. This occurs because the application uses an unvalidated HTTP Referer header stored in a session variable...
SUSE-SU-2026:21560-1 Security update for distribution
This update for distribution fixes the following issues: Security issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header bsc1260283. - CVE-2026-33540: information disclosure via improper validation of authentication real...
OPENSUSE-SU-2026:20686-1 Security update for distribution
This update for distribution fixes the following issues: Security issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header bsc1260283. - CVE-2026-33540: information disclosure via improper validation of authentication real...
Firmware Distribution As Attack Surface: A Security Study of ASIC Cryptocurrency Miners
ASIC cryptocurrency miners are a core component of blockchain infrastructures, directly converting computation and energy into monetary value. Despite their economic importance, their security is rarely evaluated in a structured manner. In this paper, we show that the firmware distribution...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization through the DeleteManifest process. An attacker can remove tags from repositories by sending a DELETE request to the relevant API endpoint, even when deletion has been explicitly disabled in the configuration. Th...
GHSA-6PJF-3R9X-M592 Distribution's tag deletion bypasses `storage.delete.enabled` configuration
Summary: Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details: When storage.delete.enabled is configured to false,...
org.apache.opennlp:opennlp-distr (>=3.0.0-M1 <=3.0.0-M2) potentially affected by CVE-2026-42440 via org.apache.opennlp:opennlp-tools (>=3.0.0-M1 <=3.0.0-M2)
org.apache.opennlp:opennlp-tools MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 Source cves: CVE-2026-42440 Source advisory: OSV:GHSA-659W-93R5-9J6M...
org.apache.opennlp:opennlp-distr (>=3.0.0-M1 <=3.0.0-M2) potentially affected by CVE-2026-42440 via org.apache.opennlp:opennlp-tools (>=3.0.0-M1 <=3.0.0-M2)
org.apache.opennlp:opennlp-tools MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 Source cves: CVE-2026-42440 Source advisory: SNYK:JAVA-ORGAPACHEOPENNLP-16535521...
HackerSignal: A Large-Scale Multi-Source Dataset Linking Hacker Community Discourse to the CVE Vulnerability Lifecycle
We introduce HackerSignal, a benchmark for temporal out-of-distribution cyber threat intelligence (CTI) and cross-source CVE linkage. HackerSignal aggregates 7.45 million exact-deduplicated documents from 64 public forum/source identifiers spanning eight source layers and a 36-year window (1990-2026)...
CLSA-2026-1777541445 bluez: Fix of 3 CVEs
CVE-2022-0204: fix heap overflow when appending prepare writes in gatt-server - CVE-2022-39176: fix not checking paramslen in AVRCP vendordep PDU handling - CVE-2022-39177: fix accepting invalid/malformed capabilities in AVDTP...
Fedora 45 : docker-distribution (2026-d7d99f08ff)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d7d99f08ff advisory. Automatic update for docker-distribution-3.1.1-1.fc45. Changelog Fri May 1 2026 Bradley G Smith - 3.1.1-1 - Update to release v3.1.1 - Resolves:...
CVE-2025-63548
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field...
CVE-2026-41888
creationtimestamp | type | source
---|---|---
2026-05-01 14:27:56+00:00 | published-proof-of-concept | https://github.com/distribution/distribution/security/advisories/GHSA-6pjf-3r9x-m592...
PT-2026-36525
Name of the Vulnerable Software and Affected Versions: Eprosima Micro-XREC-DDS Agent version 3.0.1. Description: A remote attacker can cause a denial of service by sending a specially crafted packet containing an invalid value in any Boolean field. Recommendations: At the moment, there is no...
CVE-2026-6539
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
Intro: A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating...
Debian dsa-6234 : pdns-recursor - security update
The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6234 advisory. Debian Security Advisory DSA-6234-1 https://www.debian.org/securit...
OPENSUSE-SU-2026:10631-1 distribution-registry-3.1.0-1.1 on GA media
These are all security issues fixed in the distribution-registry-3.1.0-1.1 package on the GA media of openSUSE Tumbleweed...
JLSEC-2026-220 The X.509 GeneralName type is a generic type for representing different types of names. One of...
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrect...