EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-2341)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in...

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0601)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0601 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12,...

PT-2026-48476

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...

PT-2026-48541

internal/web/session.go and internal/web/oidc.go set HttpOnly and SameSite=Lax on every cookie but never Secure. A single plaintext request to the origin operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration discloses the session. Affected All released...

PT-2026-48350

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esp tee component exposes secure-service wrappers in esp secure services.c and esp secure services iram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware...

PT-2026-48523

Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description A privilege escalation flaw exists in the Linuxulator, a compatibility layer that allows Linux binaries to run on FreeBSD. A logic bug related to AT SECURE occurs during setuid execution...

Erlang/OTP 信息泄露漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP versions 3.0.1 to 6.0.1, 5.5.2.1, and 5.2.11.8 have a vulnerability known as information leakage. This vulnerability stems from the SSHFXPREADLI...

PT-2026-48491

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.4 Splunk Enterprise versions prior to 10.0.7 Splunk Enterprise versions prior to 9.4.12 Splunk Enterprise versions prior to 9.3.13 Splunk Cloud Platform versions prior to 10.3.2512.12 Splunk Cloud...

PT-2026-48380

Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description When using aria2c as an external downloader for fragmented manifest formats like HLS or DASH streams, insufficiently sanitized input allows an attacker to perform arbitrary file writes. This occu...

Erlang/OTP -- SFTP READLINK discloses server filesystem paths

https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh reports: The SSH SFTP daemon's handling of SSHFXPREADLINK returned symbolic link targets containing the server's absolute filesystem path, disclosing the backend root prefix to clients. The handler now strips the backend root...

MGASA-2026-0182 Updated ruby-net-ssh packages fix security vulnerabilities

This update fixes CVE-2023-48795: Prefix Truncation Attacks in SSH Specification Terrapin Attack , for ruby-net-ssh...

EUVD-2026-35522

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35526

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35521

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35525

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35523

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35524

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35514

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2025-54509

Improper access control for register interface in the input-output memory management unit IOMMU could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor ASP potentially resulting in loss of integrity...

CVE-2026-8863 CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...