EUVD-2026-31241

Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFYSOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection...

CVE-2026-44071

Netatalk versions 3.1.2 through 4.4.2 are compiled without FORTIFY_SOURCE, disabling built-in runtime buffer overflow detection. This may allow a remote attacker to cause a minor denial of service via memory errors that would otherwise be detected and terminated. No exploit details or patched ver...

Trend Micro TrendAI Vision One Endpoint Security - Standard Endpoint Protection 访问控制错误漏洞

Trend Micro TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise endpoint security platform provided by Trend Micro that offers capabilities for detecting terminal threats, antivirus protection, and managing security policies. There are access control vulnerability...

Trend Micro Apex One和TrendAI Vision One Endpoint Security - Standard Endpoint Protection 访问控制错误漏洞

Trend Micro Apex One and TrendAI Vision One Endpoint Security – Standard Endpoint Protection are products of Trend Micro, a US-based company. Trend Micro Apex One is a terminal protection software. TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise terminal...

PT-2026-42466

Name of the Vulnerable Software and Affected Versions Apex One/SEP agent affected versions not specified Description An origin validation issue in the agent could allow a local attacker to escalate privileges on affected installations. To exploit this, an attacker must first have the ability to...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : rsync vulnerabilities (USN-8283-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8283-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has a security vulnerability, which stems from a race condition between the check time and the usage time in its caching mechanism. This vulnerability could allow local...

Trend Micro Apex One和TrendAI Vision One Endpoint Security - Standard Endpoint Protection 访问控制错误漏洞

Trend Micro Apex One and TrendAI Vision One Endpoint Security – Standard Endpoint Protection are products of Trend Micro, a US-based company. Trend Micro Apex One is a terminal protection software. TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise terminal...

PT-2026-42469

Name of the Vulnerable Software and Affected Versions Apex One/SEP agent affected versions not specified Description An origin validation error in the process protection mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must first have the ability to...

Trend Micro Apex One 访问控制错误漏洞

Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has an access control vulnerability, which stems from errors in the self-protection mechanism’s source verification process. This vulnerability may allow local attackers to ga...

PT-2026-42470

Name of the Vulnerable Software and Affected Versions Apex One/SEP agent affected versions not specified Description An origin validation error in the process protection communication mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must first have the...

PT-2026-42462

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

GO-2026-4953 goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs

goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...

kernel: md/bitmap: fix GPF in write_page caused by resize race

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

Firefox 151 packs big privacy upgrades into a small update

Mozilla has published release notes for Firefox browser version 151.0, and this update includes several genuinely meaningful privacy and security improvements. Three changes stand out in particular: Stronger anti‑fingerprinting Broader protection for local network access More control over private...

org.keycloak/keycloak-services: Session fixation in OIDC login flow that can lead to account takeover

A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...

keycloak: Keycloak: Unauthorized resource access and data modification via Insecure Direct Object Reference

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference IDOR vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier UUID belonging to another Resource Server within the same realm,...

Astra Linux - уязвимость в firefox, thunderbird

The Enhanced Tracking Protection’s Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS attacks through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames disguised as legitimate content. This...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: fixed a possible Use-after-Allocation UAF issue when remounting a read-only mmp-protected file system. After committing the change 618f003199c6 “ext4: fixing a memory leak in ext4fillsuper”, there is a race condition where...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Added outer runtime PM protection to xelivektest@xedmabuf. Any process using the kunit interface that performs memory accesses should receive its own outer runtime PM references, since it does not use the standard driver...