MINI-2GG5-RPW6-PW94

Bulletin has no description...

CVE-2025-22106

creationtimestamp| type| source ---|---|--- 2026-04-02 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/ 2026-04-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260408 2026-05-10 18:00:00+00:00| seen|...

EUVD-2026-18158

SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the vehicle authentication. An attacker can impersonate arbitrary vehicle identification numbers VINs by submitting falsified telemetry records using compromised client credentials. Remediation Upgrade...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the vehicle authentication. An attacker can impersonate arbitrary vehicle identification numbers VINs by submitting falsified telemetry records using compromised client credentials. Remediation Upgrade...

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the handling of incoming WebSocket call notifications, where user-supplied data is inserted into the DOM without proper sanitization. A...

DEBIAN-CVE-2026-5290

Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

ASB-A-434039170

In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-30290

An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

InTouch Contacts & Caller ID 安全漏洞

InTouch Contacts & Caller ID is a communication management app developed by the Indian company InTouch. It provides features for backup of contacts, synchronization, and caller identification. Version 6.38.1 of InTouch Contacts & Caller ID contains a security vulnerability. This vulnerability ste...

Secure Reinforcement Learning: On Model-Free Detection of Man in the Middle Attacks

We consider the problem of learning-based man-in-the-middle MITM attacks in cyber-physical systems CPS, and extend our previously proposed Bellman Deviation Detection BDD framework for model-free reinforcement learning RL. We refine the standard MDP attack model by allowing the reward function to...

MINI-QVCQ-Q7X6-H9J3

Bulletin has no description...

[SECURITY] Fedora 43 Update: suricata-7.0.15-1.fc43

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 44 Update: suricata-8.0.4-1.fc44

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVE-2026-4622

creationtimestamp| type| source ---|---|--- 2026-03-27 15:17:14+00:00| seen| Telegram/svRbUAS3r6GAYzDJQh3Todl-Lk2he1i8bWMEx2GJpog2k 2026-03-27 16:22:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi2jonlpq62i 2026-04-02 20:00:00+00:00| seen| https://jvn.jp/en/jp/JVN89339669/...

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability where authentication and authorization checks are missing for endpoints/api/v1/files/images/flowid/filename. This vulnerability allows...

CVE-2026-27813 EVerest has use-after-free in auth timeout timer via race condition

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events or delayed authorization response. Version 2026.2.0 contains a patch...

CVE-2026-4516

creationtimestamp| type| source ---|---|--- 2026-03-21 17:54:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhllyh6udy27...

CVE-2026-4486

creationtimestamp| type| source ---|---|--- 2026-03-20 16:26:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhiwm2srxj2u 2026-03-20 21:00:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjfxjuo7i2n 2026-03-20 21:22:50+00:00| seen|...

CLSA-2026-1774023753 Update of linux-firmware

Addition AMD CPU microcode for processor family 0x1a: cpuid:0x00B00F21ver:0x0B002161, cpuid:0x00B00F81ver:0x0B008121, cpuid:0x00B10F10ver:0x0B101058, cpuid:0x00B20F40ver:0x0B204037, cpuid:0x00B40F40ver:0x0B404035, cpuid:0x00B40F41ver:0x0B404108, cpuid:0x00B60F00ver:0x0B600037,...