342 matches found
CVE-2026-49199
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...
Oracle Hospitality OPERA 5 Property Services Security Vulnerability
Oracle Hospitality OPERA 5 Property Services is a Windows-based application component developed by Oracle Corporation, used for processing payment card transactions. Vulnerabilities exist in versions 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6, and 5.6.28 of Oracle Hospitality OPERA 5 Property Service...
Important: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data (CVE-2026-34059); httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination...
CVE-2026-8479
IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable to a NULL pointer dereference if a specially crafted sequence of messages is sent for a certain time, causing a Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode BCI is...
F5 BIG-IP Security Vulnerability
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability arises from the...
CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
...
CVE-2026-7853
CVE-2026-7853 affects D-Link DI-8100 with firmware 16.07.26A1. The weakness lies in the HTTP Handler’s /auto_reboot.asp, where the function sprintf mishandles the enable/time argument, causing a buffer overflow. This design flaw enables remote exploitation, and public exploit access is indicated ...
CVE-2026-6520
OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
EUVD-2026-26315
ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
PT-2026-36041
Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.6.0 through 4.6.4; Wireshark versions 4.4.0 through 4.4.14. Description: An infinite loop in the UDS protocol dissector allows for a denial of service. Recommendations: Update Wireshark versions 4.6.0 through 4.6.4 to a versio...
PT-2026-36107
Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9. Description: The SAML IdP implementation in the SSO module uses the AssertionConsumerServiceURL value from incoming SAML AuthnRequest messages as the destination for the SAML response without validating it agains...
CVE-2026-40188 goshs is Missing Write Protection for Parametric Data Values
goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4...
elixir-nodejs Race Condition Vulnerability
Elixir-nodejs is an open-source project by Revelry that serves as an Elixir API for calling Node.js functions. Versions of elixir-nodejs prior to 3.1.4 contained a race condition vulnerability. This vulnerability stemmed from race conditions in the working protocol, which led to the loss of...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in http2-common (CVE-2025-5115)
Summary: IBM Sterling Control Center is affected by a vulnerability CVE-2025-5115 of http2-common-11.0.24.jar. Vulnerability Details: CVEID: CVE-2025-5115. DESCRIPTION: In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send...
Moderate: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
PT-2026-23777
Name of the Vulnerable Software and Affected Versions: Philips Hue Bridge (affected versions not specified). Description: A security issue exists in the Philips Hue Bridge related to the HomeKit Accessory Protocol. Specifically, a static nonce authentication bypass is possible. This allows an attacker...
SUSE-SU-2026:0810-1 Security update for wireshark
This update for wireshark fixes the following issue: - CVE-2026-3201: USB HID protocol dissector memory exhaustion (bsc#1258907)...
Interpretation Conflict
Overview: Affected versions of this package are vulnerable to Interpretation Conflict in the JSON-RPC and MCP protocol message parsing. An attacker can bypass intermediary inspection or cause cross-implementation inconsistencies by sending protocol messages with non-standard field casing or Unicod...
CVE-2026-20048
Cisco Nexus 9000 Series Fabric Switches (ACI mode) SNMP subsystem is vulnerable to crafted SNMP requests, causing kernel panic, reload, and DoS. The issue stems from improper SNMP request parsing. Exploitation requires valid credentials: read-only SNMP community strings for SNMPv1/2c, or valid SN...
CVE-2026-24785
Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versions prior to 2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...