Batch Me If You Can: Coverage-Guided RPKI Fuzzing at Scale

The Resource Public Key Infrastructure RPKI has become essential to secure inter-domain routing. Despite its critical role, RPKI software remains largely untested beyond shallow parsing. Existing fuzzers, like AFL++ or libFuzzer, do not work well for RPKI as they assume a single, self-contained...

PT-2026-43236

The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used 4500/UDP. As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption of VPN...

epa4all-client 数据伪造问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to version 1.2.2 contained a data manipulation vulnerability. This vulnerability arises from the possibility for a man-in-the-middle attacker to replace the discovered documents...

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS libgnutls has a security vulnerability that stems from the transmission of extremely short pre-master keys during RSA key exchanges. This...

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1757)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1757 advisory. GnuTLS didn't check that DTLS fragments claimed a consistent messagelength value. Additionally, a crucial array size check was missing, enabling an attacker to cause a heap overwrite...

PT-2026-43441

Name of the Vulnerable Software and Affected Versions netty incubator codec.bhttp versions prior to 0.0.21.Final Description The HKDF expand function returns a non-NULL byte array filled with zeros upon failure, making it impossible to distinguish between a successful operation and a failure. Thi...

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS has a security vulnerability, which stems from a single-bit error in the bounds checking of PKCS12 package elements. This vulnerability could...

TencentOS Server 3: git-lfs (TSSA-2026:0380)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0380 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

PT-2026-43378

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

PT-2026-43235

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...

PT-2026-43319

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The getInstance function within the InputFilter class fails to include a security-sensitive parameter when generating the instance cache key. Recommendations At...

PT-2026-47002

A flaw was found in gnutls. A use after free issue in client sending key share extension may lead to memory corruption and other consequences...

TencentOS Server 3: grafana (TSSA-2026:0374)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0374 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Linux Distros Unpatched Vulnerability : CVE-2026-48850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PuTTY 0.72 before 0.84 has a double free in RSA KEX. CVE-2026-48850 Note that Nessus relies on the presence of the package as reported by the vendor...

CVE-2026-27172

A flaw was found in the camel-consul component of Apache Camel. An attacker with write access to the Consul Key-Value KV store could inject a malicious serialized Java object. When Apache Camel's ConsulRegistry deserializes this object, it can lead to arbitrary code execution within the Camel...

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in handling shiroSavedRequest cookies, which use unprotected/unencrypted values for SAVEDREQUESTKEY. An authenticated user can cause the server to make blind HTTP GET requests to arbitrary URLs or redirect users to untrust...

DEBIAN-CVE-2026-48850

PuTTY 0.72 before 0.84 has a double free in RSA KEX...

CVE-2026-48850

PuTTY 0.72 before 0.84 has a double free in RSA KEX...

UBUNTU-CVE-2026-48850

PuTTY 0.72 before 0.84 has a double free in RSA KEX...

CVE-2026-48850

PuTTY 0.72 before 0.84 has a double free in RSA KEX...