152 matches found
CVE-2026-20187 Cisco RoomOS Security Hardening Release - Exceptional Conditions Handling Vulnerabilities
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-20158 Cisco RoomOS Security Hardening Release - Resource Lifetime Management Vulnerabilities
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-20153 Cisco RoomOS Security Hardening Release - Input Validation Vulnerabilities
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-20157 Cisco RoomOS Security Hardening Release - Missing Encryption Vulnerabilities
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-20157
Technical details are not publicly available in provided documents. The CVE entry mentions missing encryption under CWE-311 and a Cisco RoomOS hardening release, but specific affected products, versions, root cause, impact, or fixes are not disclosed here. Monitor for updates.
CVE-2026-20156 Cisco RoomOS Security Hardening Release - Buffer Management Vulnerabilities
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-20156
CVE-2026-20156 relates to Cisco RoomOS and a set of buffer management vulnerabilities (CWE-119) arising from improper bounds checks. The hardening release addresses multiple internally discovered issues; CVSSv3.1 metrics indicate network-access, high impact on confidentiality, integrity, and avai...
CVE-2026-20150 Cisco RoomOS Security Hardening Release - Access Control Vulnerabilities
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-20150
CVE-2026-20150 concerns Cisco RoomOS, detailing improper access control (CWE-284). CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; impact: high across confidentiality, integrity, availability; vector: network, no user interaction, low privileges required. A Cisco software hardening release is cite...
GHSA-P39J-X9H5-Q66M OpenClaw: Embedded runner policy could be confused by provider aliases
Summary Embedded runner policy could be confused by provider aliases. In affected versions, a request using provider aliases could compare policy against an alias instead of the canonical provider identity. This advisory is scoped to the named feature and configuration. It does not change...
OpenStack Horizon RC file generation does not escape special characters in project names
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
CVE-2026-55748
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
EUVD-2026-37723
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
CVE-2026-55748
OpenStack Horizon prior to 25.7.4 can generate scripts for downloading OpenStack RC files where a crafted project name containing shell metacharacters is possible. The description notes this as a security hardening opportunity rather than a vulnerability, and the CVSS 3.1 metrics indicate a MEDIU...
Security update for php-composer2
This update for php-composer2 fixes the following issues CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: version update to 2.2.27 align...
Exchange Backup Jobs Run Longer Than Expected or Fail with: Contract schema check for the Exchange Online REST API failed
Challenge Exchange backup jobs in Veeam Backup for Microsoft 365 or Veeam Data Cloud for Microsoft 365 run far longer than expected or fail to complete. The job log contains the following warnings and errors: Warning: Failed to retrieve Exchange Online REST API cmdlet information Warning: HTTP...
GHSA-J7H9-2JH7-G967 mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening
Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...
mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening
Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
Impact A stored Cross-Site Scripting XSS vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls single click interaction. T...
SUSE-SU-2026:21422-1 Security update for libsodium
This update for libsodium fixes the following issues: Security fixes: - CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to...