EUVD-2026-37748

A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

CVE-2026-20181 Cisco Identity Services Engine Remote Code Execution Vulnerability

A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

CVE-2026-20181

Cisco ISE/ISE-PIC in Cisco IOS XE is affected by CVE-2026-20181. The CVE entry describes authenticated remote command execution via crafted HTTP input with privilege escalation to root and potential DoS in single-node deployments. Connected PT-security material (PT-2026-34270) references a separa...

Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected device. For more information about these vulnerabilities, see the...

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

Important: Red Hat Security Advisory: redhat-ds:12 security update

An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.2 E4S for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager X509TrustManager, it fails to perform...

USN-8442-1 kitty vulnerabilities

It was discovered that kitty incorrectly handled certain image data. An attacker able to write to the terminal's input could possibly use this issue to cause kitty to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-33633 It was discovered that kitty incorrect...

firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

CVE-2025-32748

Dell PowerFlex rack (RCM 3.7/3.7) contains a Host Header Injection vulnerability that allows an unauthenticated, remotely accessible attacker to trigger redirections. CVSS v3.1 base score 4.3 (MEDIUM) with Network attack vector, Low complexity, No privileges required, User interaction required. N...

CVE-2025-32748

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...

CVE-2026-55743

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 isargssafe blocks...

CVE-2026-47103

Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...

DEBIAN-CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

DEBIAN-CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

CVE-2026-35066

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service...

CVE-2026-35065

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure,...

CVE-2026-22283

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...