PT-2026-8284

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be...

CVE-2019-25338

A flaw was found in DokuWiki. This vulnerability, identified as a username enumeration, resides in the password reset functionality. A remote attacker can exploit this by submitting various usernames to the password reset endpoint. By observing the server's differing error responses, the attacker...

CVE-2026-2443

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

SUSE CVE-2026-2319

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. Chromium security severity: Medium...

CVE-2025-70122

CVE-2025-70122 affects free5GC v4.0.1 UPF. The root cause is a heap buffer overflow in SDFFilterFields.UnmarshalBinary (sdf-filter.go) triggered when a declared length exceeds the actual buffer capacity, causing a runtime panic and UPF crash. Documents indicate remote exploitation over the networ...

CVE-2019-25337

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user...

CVE-2025-54161

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

CVE-2025-62854

An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Statio...

CVE-2026-20652

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service...

CVE-2026-20652

CVE-2026-20652 is a remote DoS vulnerability in WebKit-based components (Apple Safari/WebKit and WebKitGTK family) caused by a memory handling issue when processing malicious web content. Affected products include Safari (macOS/iOS/iPadOS/watchOS/tvOS/visionOS) and WebKitGTK/WebKit2GTK in Linux d...

CVE-2026-1669 Arbitrary File Read in Keras via HDF5 External Datasets

Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references...

CVE-2025-68686

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-2318

Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-48725 QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero...

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

Linux Distros Unpatched Vulnerability : CVE-2026-2318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI...

Linux Distros Unpatched Vulnerability : CVE-2026-2316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: fastjson (UTSA-2026-005331)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005331 advisory. The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is...

CVE-2026-21518

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...