PT-2026-26658

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

Security Bulletin: IBM Datapower Operations Dashboard may allow remote attackers to access the ClassLoader and execute arbitrary code CVE-2025-48734

Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility implementation Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. Th...

ROS-20260319-73-0018

A vulnerability in the Grub2 operating system boot loader is related to incorrect buffer size calculation when processing received packets. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20260319-73-0015

A vulnerability in the Grub2 operating system boot loader is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service and gain unauthorized access to the system...

ROS-20260319-73-0019

A vulnerability in the gettext module of the Grub2 operating systems boot loader is related to the ability to use memory after release. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260319-73-0017

A vulnerability in the normalexit function of the Grub2 operating system boot loader is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260319-73-0016

A vulnerability in the Grub2 operating system boot loader is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

RHEL 9 : grub2 (RHSA-2026:4823)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4823 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...

grub2: Missing unregister call for gettext command may lead to use-after-free

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

grub2: Missing unregister call for gettext command may lead to use-after-free

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure fro...

Moderate: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CLSA-2026-1773683117 gimp: Fix of 4 CVEs

CVE-2026-2044: fix uninitialized memory read in PGM file parser - CVE-2026-2045: fix heap buffer overflow in XWD file loader - CVE-2026-2048: fix out-of-bounds write in XWD file loader - CVE-2026-0797: fix missing fread return value checks in ICO file loader...

Zombie ZIP method can fool antivirus during the first scan

A researcher published “Zombie ZIP,” a simple way to change the first part header of a ZIP file so it falsely claims its contents are uncompressed while they are actually compressed. Many antivirus products trust that header and never properly decompress or inspect the real payload. In tests...

CLSA-2026-1773655369 gimp: Fix of 4 CVEs

CVE-2026-2044: fix uninitialized memory read in PGM file parser - CVE-2026-2045: fix heap buffer overflow in XWD file loader - CVE-2026-2048: fix out-of-bounds write in XWD file loader - CVE-2026-0797: fix missing fread return value checks in ICO file loader...

RHEL 8 : grub2 (RHSA-2026:4648)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4648 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...

Advisory ROSA-SA-2026-3211

software: vtk 9.0.1 OS: ROSA-CHROME unaffected versions = vtk-9.0.1.1-6 affected versions vtk-9.0.1.1-6 CVE-ID: CVE-2025-57106 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Buffer overflow in Kitware VTK before 9.5.0 in the vtkGLTFDocumentLoader component. The vulnerability occurs in the...

OESA-2026-1543 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was found in Open...

Unity Linux 20.1070e Security Update: assimp (UTSA-2026-006188)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006188 advisory. A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader...

Unity Linux 20.1070e Security Update: assimp (UTSA-2026-006193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006193 advisory. A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of t...