CVE-2026-43501

In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...

CVE-2026-43495 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate portcount against message length in t7xxportenummsghandler t7xxportenummsghandler uses the modem-supplied portcount field as a loop bound over portmsg-data without checking that the message buffer contai...

php: Fix of 2 CVEs

CVE-2026-6722: Use-after-free in SOAP ext via stale refmap pointer - CVE-2026-7261: Use-after-free in SOAP after header parse failure with SOAPPERSISTENCESESSION...

CVE-2026-44067

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

CVE-2026-44067

Summary: CVE-2026-44067 affects Netatalk 2.1.0 through 4.4.2, where an EA (extended attribute) header parsing heap over-read can allow a remote, network-accessible attacker to cause information disclosure or a minor service disruption. The issue is fixed in Netatalk 4.5.0. Affected component/vers...

CVE-2026-44067 EA header parsing heap over-read

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

CVE-2026-44067

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

CVE-2026-44067 EA header parsing heap over-read

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

EUVD-2026-31214

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

CVE-2026-44067

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

PT-2026-42602

Impact A logic flaw in BlockInclusionProof::is block proven causes the function to return true without performing any cryptographic verification when get interlink hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

MAL-2026-4212 Malicious code in polymarket-claude-code (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

PT-2026-42457

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ipv6 rpl srh rcv function during the decompression and recompression of RFC 6554 Source Routing Headers. When the recompressed header is larger than the received...

solaredge - (CSRF-OOB-Injection)

Titles: solaredge - CSRF-OOB-Injection Author: nu11secur1tyAI Date: 2026-04-26 Vendor: SolarEdge Technologies Ltd. Software: SolarEdge Monitoring Platform - Framework /solaredge-web/ Reference: https://monitoring.solaredge.com/ Description: The solaredge-CSRF-Hijack vulnerability arises due to a...

Security update for cpp-httplib (important)

openSUSE Security Update: Security update for cpp-httplib Announcement ID: openSUSE-SU-2026:0174-1 Rating: important References: 1255835 1256518 1259220 1259221 1259373 Cross-References: CVE-2026-21428 CVE-2026-22776 CVE-2026-28434 CVE-2026-28435 CVE-2026-29076 CVSS scores: CVE-2026-21428 SUSE: 8...

Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection

A flaw was found in Apache Camel. A remote attacker with Java Message Service JMS producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...

Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

MAL-2026-4445 Malicious code in @signetai/signet-memory-openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b16e55a5379336a0ab822ee9fe70b20023e452595f41cfe2624464aadb73d390 On plugin load, register invokes installFetchSanitizer dist/index.js:14420-14463 which monkey-patches globalThis.fetch. For requests to...

GO-2026-4988 DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header in github.com/l3montree-dev/devguard

DevGuard has an unauthenticated identity assertion via X-Admin-Token header in github.com/l3montree-dev/devguard...

EUVD-2026-31146

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...