
502 matches found

RedHat Linux
added 2026/02/04 7:21 p.m. | 8 views

libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVSS 8.6 | AI score 5.9 | EPSS 0.00557
Exploits: 0 | References: 5

The Hacker News
added 2026/01/30 7:9 a.m. | 12 views

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to...

CVSS 9.8 | AI score 9.2 | EPSS 0.96268
Exploits: 3

OSV
added 2026/01/29 5:16 a.m. | 6 views

CVE-2026-25067

SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows U...

CVSS 5.3 | AI score 5.7 | EPSS 0.00283
Exploits: 0 | References: 2

NVD
added 2026/01/13 4:16 p.m. | 4 views

CVE-2026-0408

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI...

CVSS 8.6 | EPSS 0.00228
Exploits: 0 | References: 5

CVE
added 2026/01/13 4:1 p.m. | 11 views

CVE-2026-0408

NETGEAR WiFi range extenders are affected by CVE-2026-0408 due to a path traversal vulnerability that allows an attacker with LAN authentication to access the router’s IP and read the dynamically generated webproc file, which contains the username and password submitted to the router GUI. Affecte...

CVSS 8.6 | AI score 6.8 | EPSS 0.00228
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/01/13 4:1 p.m. | 2 views

CVE-2026-0408 Path traversal vulnerability in Netgear WiFi Range Extenders

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI...

CVSS 8.6 | AI score 6.8 | EPSS 0.00228
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 12:30 p.m. | 2 views

CVE-2023-40235

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...

CVSS 6.5 | AI score 6.9 | EPSS 0.00702
Exploits: 1 | References: 1

OSV
added 2025/12/15 7:16 p.m. | 4 views

CVE-2025-65176

An issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgent is installed and receiving a "STATUS_LOGON_FAILURE" error, the agent will retrieve every user token on the machine and repeatedly attempt to access the netwo...

CVSS 7.5 | AI score 5.8 | EPSS 0.00356
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/15 12:0 a.m. | 4 views

PT-2025-51276

Name of the Vulnerable Software and Affected Versions: Dynatrace OneAgent versions prior to 1.325.47. Description: An issue exists in Dynatrace OneAgent where, when attempting to access a remote network share and receiving a "STATUS LOGON FAILURE" error, the agent retrieves all user tokens from the...

CVSS 7.5 | AI score 6.6 | EPSS 0.00356
Exploits: 0 | References: 6

NVD
added 2025/11/25 7:15 p.m. | 4 views

CVE-2025-34350

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

CVSS 8.7 | EPSS 0.00758
Exploits: 0 | References: 2

Fedora
added 2025/11/06 2:24 a.m. | 6 views

[SECURITY] Fedora 42 Update: qt5-qtnetworkauth-5.15.18-1.fc42

Qt5 - NetworkAuth component...

AI score 7.1
Exploits: 0

Positive Technologies
added 2025/10/09 12:0 a.m. | 6 views

PT-2025-41474

Name of the Vulnerable Software and Affected Versions: Newforma Info Exchange (NIX), affected versions not specified. Description: Newforma Info Exchange (NIX) contains a flaw in the '/UserWeb/Common/MarkupServices.ashx' endpoint that allows a remote, unauthenticated attacker to force NIX to establish a...

CVSS 8.2 | AI score 6.4 | EPSS 0.00345
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-8054

Malware in sbrugna...

CVSS 4.6 | AI score 4.9 | EPSS 0.00359
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-8911

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.01241
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2009-1980

Malware in sbrugna...

CVSS 10 | AI score 6.3 | EPSS 0.05377
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-2694

Malware in sbrugna...

CVSS 7.1 | AI score 7 | EPSS 0.00307
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 11 views

EUVD-2024-32972

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.8 | EPSS 0.01124
Exploits: 1 | References: 4

Rockylinux
added 2025/07/29 1:38 p.m. | 2 views

krb5 security update

An update is available for krb5. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Kerberos is a network authentication system, which can improve the security of...

CVSS 5.9 | AI score 5.8 | EPSS 0.00276
Exploits: 0

CVE
added 2025/06/29 7:25 p.m. | 27 views

CVE-2025-24292

Summary: CVE-2025-24292 affects UniFi Network (v9.1.120 and earlier). A misconfigured query could allow a user to authenticate to Enterprise WiFi or VPN Server (L2TP/OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication when both services are enabled and share the same RADIUS pr...

CVSS 6.8 | AI score 6.5 | EPSS 0.00311
Exploits: 0 | References: 1

OSV
added 2025/06/24 12:0 a.m. | 4 views

ALSA-2025:9430 Moderate: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

CVSS 5.9 | AI score 5.7 | EPSS 0.00276
Exploits: 0 | References: 4