CVE-2026-5756

DRC COS (Central Office Services) is affected by an unauthenticated configuration file modification vulnerability via the /v0/configuration endpoint. The issue allows a network-adjacent attacker to submit JSON payloads that persistently modify the server’s configuration, potentially enabling data...

CVE-2026-5756 Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS)

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services COS allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services...

Improper Certificate Validation

Apache Log4j Core is vulnerable to Improper Certificate Validation. The vulnerability is due to ignored hostname verification settings in TLS configuration, which allows an attacker to perform a man-in-the-middle attack by presenting a trusted certificate and intercepting secure communications...

Eclipse Jetty 环境问题漏洞

Eclipse Jetty is an open-source Java-based web server and Java Servlet container developed by the Eclipse Foundation. Eclipse Jetty has a vulnerability related to environmental issues, which stems from the HTTP/1.1 parser’s request interception vulnerability when using chunked extensions...

PT-2026-32896

Name of the Vulnerable Software and Affected Versions DRC Central Office Services COS affected versions not specified Description An unauthenticated configuration file modification issue allows an attacker to modify the server configuration file. This could lead to mass data exfiltration, malicio...

PT-2026-32711

It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept certain D-Bus messages...

Oracle Linux 9 : nginx:1.26 (ELSA-2026-7343)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7343 advisory. - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves:...

Linux Distros Unpatched Vulnerability : CVE-2026-34477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the...

nginx:1.26 security update

2:1.26.3-2.0.1.1 - Require oracle-indexhtml 2:1.26.3-6 - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclos...

Vulnerabilities fixed in Synology SSL VPN Client

Synology has fixed vulnerabilities in Synology SSL VPN Client. A malicious party can exploit these vulnerabilities because Synology SSL VPN Client with version before 1.4.5-0684 stores PINs insecurely and does not adequately shield files via a local HTTP server component. This can lead to...

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

CVE-2021-47961

The CVE describes a plaintext password storage vulnerability in Synology SSL VPN Client prior to version 1.4.5-0684 . The insecure storage can allow remote attackers to access or influence the user’s PIN, potentially enabling unauthorized VPN configuration and interception of subsequent VPN traff...

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

PT-2026-31906

Name of the Vulnerable Software and Affected Versions Synology SSL VPN Client versions prior to 1.4.5-0684 Description A security issue exists in Synology SSL VPN Client that allows remote attackers to access or influence a user's PIN code due to insecure storage. This could lead to unauthorized...

Synology SSL VPN Client 安全漏洞

The Synology SSL VPN Client is a VPN client software developed by Synology, a Chinese company, used for secure connection to Synology NAS devices. Versions of the Synology SSL VPN Client prior to 1.4.5-0684 contained security vulnerabilities. These vulnerabilities stemmed from improper storage of...

EUVD-2026-20991

dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from...

CVE-2025-57735

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

CVE-2025-57735 Apache Airflow: Airflow Logout Not Invalidating JWT

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

JLSEC-2026-62

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...