
2393 matches found

Wolfi
added 2026/04/11 2:51 a.m. | 7 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: flannel, local-path-provisioner, nats-top, redis-operator, mesosphere-vsphere-csi, spiffe-helper, aws-application-networking-k8s, kserve-modelmesh-serving, mountpoint-s3-csi-driver, nginx-prometheus-exporter, osv-scanner, kubebuilder, k8sgpt-operator,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00022
Exploits 0

OSV
added 2026/04/09 5:34 p.m. | 4 views

GHSA-68X5-XX89-W9MM OpenClaw: resolvedAuth closure becomes stale after config reload

Impact: resolvedAuth closure becomes stale after config reload. After a config reload, newly accepted gateway connections could continue using stale resolved auth state. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a...

CVSS 5.1 | AI score 5.8 | EPSS 0.00088
Exploits 0 | References 2

Snyk
added 2026/04/09 5:34 p.m. | 5 views

Insufficient Session Expiration

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the resolvedAuth process becoming outdated after a configuration reload. An attacker can maintain unauthorized access by leveraging stale...

CVSS 5.4 | AI score 5.8 | EPSS 0.00088
Exploits 0 | References 2

Tenable Nessus
added 2026/04/09 12:0 a.m. | 2 views

Cisco IOS Software HTTP Server DoS (cisco-sa-ios-http-dos-sbv8XRpL)

According to its self-reported version, Cisco IOS is affected by a vulnerability. - A denial of service (DoS) vulnerability exists in Cisco IOS Software due to improper validation of user-supplied input. An authenticated remote attacker can exploit this issue, via sending malformed HTTP requests to...

CVSS 7.7 | AI score 5.9 | EPSS 0.00202
Exploits 0 | References 4

Tenable Nessus
added 2026/04/09 12:0 a.m. | 3 views

Cisco IOS XE Software Release 3E HTTP Server DoS (cisco-sa-ios-http-dos-sbv8XRpL)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A denial of service (DoS) vulnerability exists in Cisco IOS XE Software due to improper validation of user-supplied input. An authenticated remote attacker can exploit this issue, via sending malformed...

CVSS 7.7 | AI score 5.9 | EPSS 0.00202
Exploits 0 | References 4

Cvelist
added 2026/04/08 4:50 p.m. | 16 views

CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed...

CVSS 8.1 | EPSS 0.00597
Exploits 0 | References 1

Tenable Nessus
added 2026/04/08 12:0 a.m. | 3 views

Cisco Nexus 9000 Series Fabric Switches in ACI Mode SNMP DoS (cisco-sa-nxos-dsnmp-cNN39Uh)

According to its self-reported version, Cisco NX-OS System Software in ACI Mode is affected by a vulnerability. - A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause ...

CVSS 7.7 | AI score 5.9 | EPSS 0.00261
Exploits 0 | References 4

NVD
added 2026/04/07 3:17 p.m. | 1 view

CVE-2026-5376

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

CVSS 5.9 | EPSS 0.00048
Exploits 0 | References 2

Cvelist
added 2026/04/07 2:11 p.m. | 16 views

CVE-2026-5376 runZero Platform session timeout failure

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

CVSS 5.9 | EPSS 0.00048
Exploits 0 | References 2

Vulnrichment
added 2026/04/07 2:11 p.m. | 0 views

CVE-2026-5376 runZero Platform session timeout failure

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

CVSS 5.9 | AI score 5.8 | EPSS 0.00048
Exploits 0 | References 2

CVE
added 2026/04/07 2:11 p.m. | 3 views

CVE-2026-5376

The CVE-2026-5376 issue affects the runZero Platform where session inactivity timeouts could fail to trigger due to automatic page reloading. Root cause is CWE-613 (Insufficient Control of Resources After Expiration or Release). CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N, base score 5....

CVSS 5.9 | AI score 5.8 | EPSS 0.00048
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2026/04/07 2:11 p.m. | 1 view

CVE-2026-5376

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

CVSS 5.9 | AI score 5.8 | EPSS 0.00048
Exploits 0 | References 3

RedhatCVE
added 2026/04/03 12:33 p.m. | 1 view

CVE-2026-33641

A flaw was found in Glances, an open-source system monitoring tool. An attacker who can modify or influence Glances' configuration files can inject malicious system commands. These commands are automatically executed with the privileges of the Glances process during startup or configuration reloa...

CVSS 7.8 | AI score 6.5 | EPSS 0.00635
Exploits 3 | References 2

OSV
added 2026/04/02 3:16 p.m. | 0 views

DEBIAN-CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

CVSS 7.8 | AI score 5.7 | EPSS 0.00635
Exploits 3 | References 1

AlpineLinux
added 2026/04/02 2:57 p.m. | 6 views

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

CVSS 7.8 | AI score 6 | EPSS 0.00635
Exploits 3 | References 3

OSV
added 2026/04/01 10:36 a.m. | 4 views

CLSA-2026-1775039763 wireshark: Fix of 11 CVEs

CVE-2023-6175: fix heap buffer overflow in NetScreen file parser - CVE-2024-0208: fix crash in GVCP dissector due to NULL string - CVE-2024-0209: fix uncontrolled recursion in ASN.1 dissectors - CVE-2024-0211: fix infinite loop in DOCSIS dissector - CVE-2024-2955: fix use-after-free in T.38...

CVSS 7.8 | AI score 6 | EPSS 0.02747
Exploits 7 | References 1

OSV
added 2026/04/01 8:42 a.m. | 3 views

CLSA-2026-1775032927 wireshark: Fix of 11 CVEs

CVE-2023-6175: fix heap buffer overflow in NetScreen file parser - CVE-2024-0208: fix crash in GVCP dissector due to NULL string - CVE-2024-0209: fix uncontrolled recursion in ASN.1 dissectors - CVE-2024-0211: fix infinite loop in DOCSIS dissector - CVE-2024-2955: fix use-after-free in T.38...

CVSS 7.8 | AI score 6.9 | EPSS 0.02747
Exploits 7 | References 1

Positive Technologies
added 2026/03/28 12:0 a.m. | 6 views

PT-2026-29092

Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.6. Description: An authentication bypass exists in the Model Context Protocol (MCP) integration of Nginx UI. The software exposes two HTTP endpoints: '/mcp' and '/mcp message'. While '/mcp' requires both IP...

CVSS 10 | AI score 6.1 | EPSS 0.15971
Exploits 4 | References 204

RedhatCVE
added 2026/03/26 5:0 p.m. | 1 view

CVE-2026-20125

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation ...

CVSS 7.7 | AI score 5.9 | EPSS 0.00202
Exploits 0 | References 1

RedhatCVE
added 2026/03/26 5:0 p.m. | 0 views

CVE-2026-20012

A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a...

CVSS 8.6 | AI score 5.8 | EPSS 0.00148
Exploits 0 | References 1