xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass

HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining...

GHSA-XHF5-7WJV-PQXP vulnerabilities

Vulnerabilities for packages: redpanda-operator, kubescape-operator-fips, spegel-fips, packer-fips, jfrog-cli, amazon-ecs-agent-fips, amazon-ecs-agent, google-osconfig-agent, spegel, datadog-agent-fips, kubescape, helm-fips, headlamp-fips, neuvector-scanner-fips, linkerd2-fips, zot,...

PT-2026-51651

Name of the Vulnerable Software and Affected Versions Hubbell Aclara Metrum affected versions not specified Description The Cellular Web Interface contains a flaw where missing authentication allows unauthenticated attackers to manipulate critical device settings and disrupt operations. This issu...

Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows

Secure your Windows fleet without sacrificing performance. Wiz pairs real-time threat detection with a memory-safe architecture that scales efficiently to protect your essential cloud infrastructure...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.0.15

Logging for Red Hat OpenShift - 6.0.15 Red Hat OpenShift Logging 6.0.15 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

CVE-2026-46903

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Business Logic Infrastructure Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVE-2026-46906

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD...

CVE-2026-46878

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise ...

145 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 145 npm packages associated with the Mastra namespace "@mastra/", a popular open-source JavaScript and TypeScript framework for building artificial intelligence AI applications, have been compromised as part of a software supply chain attack codenamed easy-day-js , per findings from...

Important: Red Hat Security Advisory: Red Hat Update Infrastructure 5.2 security update

The latest release of Red Hat Update Infrastructure. For more details, see the product documentation. Red Hat Update Infrastructure RHUI container images are based on the latest RHUI RPM packages and the ubi9 or ubi9-init base images. This release updates to the latest version...

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An...

PT-2026-50010

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Business Logic Infrastructure Security component of JD Edwards EnterpriseOne Tools. A low privileged attacker with network access via HTTP can...

PT-2026-50016

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. An unauthenticated attacker with network access via HTTP can exploit this fl...

Malicious code in @giftyhq/widget-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ad3f12a6a12fbfa60e4a72747df6974f89906200568926b99a8c93c489b5e62 package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host fingerprinting data —...

CVE-2026-7368

The CVE covers Yarbo Android/iOS mobile app and Yarbo cloud infrastructure where per-device/user authorization is not enforced. The system allows any client with valid credentials to subscribe to wildcard topics for all robots and publish to any robot’s command topic using only the robot’s serial...