EUVD-2026-31438

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

CVE-2026-8671 Log Files contain encrypted secrets

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

CVE-2026-8671

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

CVE-2026-5072

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

CVE-2026-5072

CVE-2026-5072 affects Zephyr’s PTP subsystem. A remote attacker can send a crafted PTP_MSG_MANAGEMENT to set an unvalidated negative log_announce_interval in a port’s data set. When a subsequent PTP_MSG_ANNOUNCE is processed, port_timer_set_timeout_random computes timeout as NSEC_PER_SEC >>...

CVE-2026-5072 ptp: Potential Denial of Service via PTP Interval Shift

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

EUVD-2026-31413

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

CVE-2026-5072 ptp: Potential Denial of Service via PTP Interval Shift

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

PT-2026-42762

Name of the Vulnerable Software and Affected Versions Avantra versions prior to 25.3.0 Description An issue in syslink software AG Avantra on Linux and Windows allows the insertion of sensitive information into log files, leading to Resource Leak Exposure, which occurs when a system fails to...

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, caused by a bit offset issue. A remote attacker can set an unvalidated negative value of logannounceinterval by sending a specially crafted PTPMSGMANAGEMENT message...

Avantra 安全漏洞

Avantra is a SAP software developed by the Avantra company. Versions of Avantra prior to 25.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the insertion of sensitive information into log files, which could lead to resource leaks...

PT-2026-42731

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP MSG MANAGEMENT message to set an unvalidated negative log announce interval value in the port's data set. When a subsequent PT...

Attested Tool-Server Admission: A Security Extension to the Model Context Protocol

The Model Context Protocol MCP standardizes how a large-language-model LLM agent and an external tool server exchange messages, but not trust: a host reads a server's self-declared tool list and dispatches calls, with no notion of which servers it may use, at what sensitivity, or which of a...

Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016720)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016720 advisory. A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because...

Unity Linux 20.1070e Security Update: wildfly-build-tools (UTSA-2026-016705)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016705 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

[SECURITY] Fedora 44 Update: cockpit-362-1.fc44

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

CVE-2026-44052

A flaw was found in Netatalk. A remote attacker could exploit this flaw due to ldap simple-bind passwords being exposed in log output. This could lead to sensitive information disclosure, specifically the exposure of user credentials...

CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

CVE-2026-44052 LDAP simple-bind password exposure in log output

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...