Lucene search

25073 matches found

Cvelist
added 2026/05/22 12:43 a.m. | 40 views

CVE-2026-34911

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information...

7.7 CVSS | 0.00665 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/05/22 12:0 a.m. | 8 views

PT-2026-42660

Name of the Vulnerable Software and Affected Versions: UniFi OS (affected versions not specified). Description: A Path Traversal vulnerability exists in UniFi OS devices, where a malicious actor with network access and low privileges can access internal routes and files on the underlying system withou...

7.7 CVSS | 6 AI score | 0.00665 EPSS
Exploits 0 | References 8

CNNVD
added 2026/05/22 12:0 a.m. | 10 views

Ubiquiti UniFi OS Server security vulnerability

Ubiquiti UniFi OS Server is a server platform developed by Ubiquiti for managing UniFi networks and security devices. It has a security vulnerability that stems from improper input validation. This vulnerability could allow malicious actors wi...

9.1 CVSS | 5.9 AI score | 0.01119 EPSS
Exploits 0 | References 2

CNNVD
added 2026/05/22 12:0 a.m. | 7 views

Ubiquiti UniFi OS Server security vulnerability

Ubiquiti UniFi OS Server is a server platform developed by Ubiquiti for managing UniFi networks and security devices. It has a security vulnerability that stems from improper input validation. This vulnerability could allow malicious actors wi...

10 CVSS | 5.9 AI score | 0.33615 EPSS
Exploits 2 | References 2

OSV
added 2026/05/21 7:19 p.m. | 9 views

MAL-2026-4614 Malicious code in moneykit-cardano-demo (npm)

Source: amazon-inspector e6186e5ec8b6cea4f1cec3b4284cf09f2e317dd7d745fb5f88e15b355497d08e. package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identifiers and OS files —...

5.8 AI score
Exploits 0 | References 1

OSV
added 2026/05/21 4:24 p.m. | 11 views

RLSA-2025:9844 Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/http:...

5.4 CVSS | 6.8 AI score | 0.00682 EPSS
Exploits 0 | References 2

IBM Security Bulletins
added 2026/05/21 3:53 p.m. | 17 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details: CVEID: CVE-2025-11187...

8.8 CVSS | 7.5 AI score | 0.48666 EPSS
Exploits 8 | Affected Software 1

Chainguard
added 2026/05/21 1:18 a.m. | 8 views

GHSA-X86F-5XW2-FM2R vulnerabilities

Vulnerabilities for packages: aws-otel-collector, skopeo-fips, nuclei, buildah-fips, grafana-fips, beats-fips, skopeo, elastic-agent, portieris, nerdctl-fips, grafana, portieris-fips, trivy, elastic-agent-fips, docker-fips, zot, undock, nerdctl, nrdot-collector-k8s-fips,...

5.8 AI score
Exploits 0

Chainguard
added 2026/05/21 1:18 a.m. | 15 views

GHSA-RG2X-37C3-W2RH vulnerabilities

Vulnerabilities for packages: aws-otel-collector, skopeo-fips, nuclei, buildah-fips, grafana-fips, beats-fips, skopeo, elastic-agent, portieris, nerdctl-fips, grafana, portieris-fips, trivy, elastic-agent-fips, docker-fips, zot, undock, nerdctl, nrdot-collector-k8s-fips,...

5.8 AI score
Exploits 0

Positive Technologies
added 2026/05/21 12:0 a.m. | 13 views

PT-2026-42657

Name of the Vulnerable Software and Affected Versions: UniFi OS Server versions prior to 5.0.8. Description: An improper access control flaw exists in UniFi OS Server where nginx evaluates the raw request URI for authentication but routes using the normalized URI. This discrepancy allows...

10 CVSS | 6.7 AI score | 0.0086 EPSS
Exploits 2 | References 36

Vulnrichment
added 2026/05/20 8:14 p.m. | 5 views

CVE-2026-8632 HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection...

8.5 CVSS | 6.3 AI score | 0.00739 EPSS
Exploits 0 | References 1

Debian CVE
added 2026/05/20 8:14 p.m. | 8 views

CVE-2026-8632

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection...

8.5 CVSS | 6.3 AI score | 0.00739 EPSS
Exploits 0

Debian CVE
added 2026/05/20 7:12 p.m. | 9 views

CVE-2026-9123

Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: Medium...

7.5 CVSS | 6.4 AI score | 0.00187 EPSS
Exploits 0

Debian CVE
added 2026/05/20 7:12 p.m. | 5 views

CVE-2026-9112

Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 6.2 AI score | 0.00396 EPSS
Exploits 0

EUVD
added 2026/05/20 4:6 p.m. | 10 views

EUVD-2026-31135

A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service (DoS) condition...

6.8 CVSS | 5.8 AI score | 0.00467 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in chromium

Use after free in Tablet Mode in Google Chrome on Chrome OS before version 102.0.5005.61 allowed a remote attacker who convinced a user to engage in certain user interactions to potentially exploit heap corruption through those interactions...

8.8 CVSS | 7.4 AI score | 0.00694 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in chromium

Use after free in the Input component in Google Chrome on Chrome OS before version 104.0.5112.79 allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through those interactions...

8.8 CVSS | 7.3 AI score | 0.00763 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/20 5:53 a.m. | 9 views

Astra Linux - vulnerability in webkit2gtk

This issue has been addressed through improved enforcement of iframe sandboxing policies. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policies...

6.5 CVSS | 6.9 AI score | 0.01408 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in chromium

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. Chromium security severity: Medium...

4.3 CVSS | 6.4 AI score | 0.00752 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in webkit2gtk

A memory corruption issue has been resolved through improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8 CVSS | 7.5 AI score | 0.01204 EPSS
Exploits 0 | References 2