PT-2026-42411

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description Netatalk generates AFP session tokens derived from predictable process IDs. This allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism...

Netatalk 授权问题漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.2.2 to 4.4.2 of Netatalk contained vulnerabilities related to authorization. These vulnerabilities stemmed from...

PT-2026-42406

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.4 through 4.4.2 Description A stack-based buffer overflow occurs due to UCS-2 type confusion within the convert charset function. This allows a remote authenticated attacker to execute arbitrary code or cause a denial of...

CVE-2026-8597

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

Lenovo Personal Cloud Storage 操作系统命令注入漏洞

Lenovo Personal Cloud Storage is a personal cloud storage service provided by Lenovo Corporation. Lenovo Personal Cloud Storage has a vulnerability related to operating system command injection. This vulnerability stems from potential vulnerabilities, which may allow remote authenticated users to...

EUVD-2026-29820

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

Ivanti Endpoint Manager 安全漏洞

Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained security vulnerabilities. These vulnerabilities stemmed from exposed dangerous methods on the core server, which could...

EUVD-2026-29212

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

Unity Linux 20.1060e / 20.1070e Security Update: openvpn (UTSA-2026-017649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017649 advisory. OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred...

EUVD-2026-28993

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...

CVE-2026-8216

Affected software / component: Industrial Application Software IAS Canias ERP 8.03; affected function: iasServerRemoteInterface.doAction (Java RMI Session Management). Issue / impact: Improper authentication resulting from manipulation of the doAction function. The attack can be launched remotely...

CVE-2026-8214

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

CVE-2026-8214

The CVE-2026-8214 entry concerns Industrial Application Software IAS Canias ERP 8.03. The vulnerability lies in the RMI Interface’s doAction function, where manipulating the sessionId argument leads to improper authentication. This can be exploited remotely, and public proof-of-concept exploit in...

PT-2026-39470

Name of the Vulnerable Software and Affected Versions Industrial Application Software IAS Canias ERP version 8.03 Description An issue exists in the Login RMI Interface component where manipulation of the clientVersion argument leads to improper authentication. This allows a remote attacker to...

CVE-2024-30167

/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter...

PT-2026-38667

Name of the Vulnerable Software and Affected Versions Atlona AT-OME-MS42 Matrix Switcher version 1.1.2 Description Remote authenticated users can execute arbitrary commands with root privileges. This is possible via a POST request to the '/cgi-bin/time.cgi' endpoint using the serverName parameter...

EUVD-2026-28393

An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access...

CVE-2026-5786

An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access...

CVE-2026-7722

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

CLSA-2026-1777939234 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...