27017 matches found
IGL-Technologies eParking.fi
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Observability for AI Systems: Strengthening visibility for proactive risk detection
Adoption of Generative AI GenAI and agentic AI has accelerated from experimentation into real enterprise deployments. What began with copilots and chat interfaces has quickly evolved into powerful business systems that autonomously interact with sensitive data, call external APIs, connect to...
Heimdall: Path received via Envoy gRPC corrupted when containing query string
Summary When using heimdall in envoy gRPC decision API mode, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. The HTTP based decision API is NOT affected, and proxy mode is NOT affected either. Note: The issue can only lead to unintended acces...
GHSA-R8X2-FHMF-6MXP Heimdall: Path received via Envoy gRPC corrupted when containing query string
Summary When using heimdall in envoy gRPC decision API mode, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. The HTTP based decision API is NOT affected, and proxy mode is NOT affected either. Note: The issue can only lead to unintended acces...
CVE-2026-23247
In the Linux kernel, the following vulnerability has been resolved: tcp: secureseq: add back ports to TS offset This reverts 28ee1b746f49 "secureseq: downgrade to per-host timestamp offsets" tcptwrecycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...
CVE-2026-23247
In the Linux kernel, the following vulnerability has been resolved: tcp: secureseq: add back ports to TS offset This reverts 28ee1b746f49 "secureseq: downgrade to per-host timestamp offsets" tcptwrecycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...
CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
In the Linux kernel, the following vulnerability has been resolved: tcp: secureseq: add back ports to TS offset This reverts 28ee1b746f49 "secureseq: downgrade to per-host timestamp offsets" tcptwrecycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...
CVE-2026-23247
In the Linux kernel, the following vulnerability has been resolved: tcp: secureseq: add back ports to TS offset This reverts 28ee1b746f49 "secureseq: downgrade to per-host timestamp offsets" tcptwrecycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...
CVE-2026-23247
CVE-2026-23247 is a Linux kernel TCP/TCP options issue that reintroduces port inclusion in the TS offset to mitigate an off-path TCP source port leakage via a SYN-cookie side-channel. The vulnerability is resolved by reverting a previous downgrade of timestamp offsets and performing a single siph...
Command Injection
Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to Command Injection via the securepopen function. An attacker can execute arbitrary commands by supplying specially crafted process names or container names containing shell...
CVE-2026-22321 Stack-Based Buffer Overflow in CLI Login Username Handling over CLI
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...
CVE-2026-22320
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...
CVE-2026-32606
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...
CVE-2026-32606 IncusOS has a LUKS encryption bypass due to insufficient TPM policy
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...
CVE-2026-32606
CVE-2026-32606 affects IncusOS (immutable OS image) where, prior to 202603142010, systemd-cryptenroll TPM-based LUKS key release can occur if PCR7/PCR11 conditions are met, allowing physical attackers to substitute the root partition, boot with a recovery key, and retrieve the LUKS master key via...
grub2 security update
2.06-114.0.1.el97.1 - Update grub2 dependencies to match new Secure Boot certificate chain of trust Orabug: 37766761 - Fix typo in SBAT metadata Orabug: 37693946 - Allow installation of grub2 only with shim-aa64 that allows booting it Orabug: 37693946 - net/dns: Fix removal of DNS server Orabug:...
Cisco Secure Firewall Management Center Software RCE (cisco-sa-fmc-rce-NKhnULJh)
According to its self-reported version, Cisco Secure Firewall Management Center FMC is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary...
PT-2026-26091
Name of the Vulnerable Software and Affected Versions Heimdall versions 0.7.0-alpha through 0.17.10 Description Heimdall, a cloud native Identity Aware Proxy and Access Control Decision service, contains an issue where incorrect encoding of the query URL string can allow bypass of rules with...
Unity Linux 20.1070a Security Update: openssh (UTSA-2026-006246)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006246 advisory. ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. Tenable has extracted the...
CVE-2026-22727
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information...