133 matches found

Tenable Nessus
added yesterday, 3 views

EulerOS Virtualization 2.13.0 : dhcp (EulerOS-SA-2026-2162)

According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into...

8.6 CVSS, 6.6 AI score, 0.00005 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2 days ago, 3 views

CVE-2026-34087

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from before 1.43.7, 1.44.4, 1.45.2...

7.5 CVSS, 5.4 AI score, 0.00046 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/05/19 11:1 a.m., 5 views

CVE-2026-7734

A flaw was found in osrg GoBGP. A remote attacker can exploit a vulnerability in the SRv6 L3 Service component by manipulating the data argument within the SRv6L3ServiceAttribute.DecodeFromBytes function. This manipulation leads to a denial of service (DoS), making the affected system or service...

7.5 CVSS, 5.6 AI score, 0.00136 EPSS
Exploits: 0, References: 2
NVD
added 2026/03/24 8:16 p.m., 0 views

CVE-2026-33419

MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable...

9.1 CVSS, 0.00026 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/03/11 12:0 a.m., 1 views

PT-2026-24745

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in the Account REST API of Keycloak that allows a user authenticated with a lower security level to perform sensitive actions intended only for higher-assurance sessions. An...

4.2 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits: 0, References: 12
NVD
added 2026/03/06 3:16 p.m., 4 views

CVE-2026-2753

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...

7.5 CVSS, 0.00098 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/02/09 5:1 p.m., 22 views

CVE-2026-21419

Dell Display and Peripheral Manager Windows versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...

6.6 CVSS, 0.00005 EPSS
Exploits: 0, References: 1
IBM Security Bulletins
added 2026/02/05 12:50 p.m., 6 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality (CVE-2025-61727) and denial of service (CVE-2025-61729)

Summary: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to Golang module crypto/x509. This bulletin provides patch information to address the reported vulnerabilities in Golang module crypto/x509...

7.5 CVSS, 7.4 AI score, 0.00019 EPSS
Exploits: 2, Affected Software: 1
CNNVD
added 2026/01/28 12:0 a.m., 2 views

Explorance Blue security vulnerabilities

Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.13 contained security vulnerabilities. These vulnerabilities stemmed from the Web service component’s ability to allow authenticated remote file...

9.9 CVSS, 6.1 AI score, 0.0046 EPSS
Exploits: 0, References: 5
CVE
added 2026/01/14 2:40 p.m., 9 views

CVE-2026-22239

CVE-2026-22239 concerns the BLUVOYIX email sending API. The Red Hat/NVD entries indicate a vulnerability caused by design flaws in the API, enabling an unauthenticated remote attacker to issue specially crafted HTTP requests to the vulnerable endpoint and send unsolicited emails on behalf of the ...

10 CVSS, 6.6 AI score, 0.00132 EPSS
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2026/01/07 9:37 a.m., 7 views

CVE-2019-7620

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding...

7.5 CVSS, 6.7 AI score, 0.01406 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51362

Name of the Vulnerable Software and Affected Versions: Ningyuanda TC155 version 57.0.2.0. Description: A flaw exists in the RTSP Service component of Ningyuanda TC155 version 57.0.2.0. Manipulation of an unknown function within this service can lead to a denial of service. The attack requires local...

6.5 CVSS, 4.4 AI score, 0.00114 EPSS
Exploits: 1, References: 8
Tenable Nessus
added 2025/12/09 12:0 a.m., 3 views

KB5071505: Windows Server 2012 Security Update (December 2025)

The remote Windows host is missing security update 5071505. It is, therefore, affected by multiple vulnerabilities: - Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549) - Heap-based buffer...

8.8 CVSS, 6.6 AI score, 0.00156 EPSS
Exploits: 5, References: 11
CNNVD
added 2025/10/31 12:0 a.m., 3 views

Veeam Backup & Replication Security Vulnerability

Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication that stems from a flaw in the Mount service that could lead to remote code execution...

9.9 CVSS, 7.9 AI score, 0.00288 EPSS
Exploits: 0, References: 2
The Hacker News
added 2025/10/20 5:32 a.m., 2 views

MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems

China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a "premeditated" cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a "hacker empire" and the "greatest source of chaos in cyberspace." The Ministry of State Security (MSS), in a...

6.8 AI score
Exploits: 0
Veeam
added 2025/10/14 12:0 a.m., 20 views

Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4165 Patch

All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 12.3.2.4165 Patch. Veeam Product Latest Version Download Page Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that...

9.9 CVSS, 8 AI score, 0.00382 EPSS
Exploits: 0, Affected Software: 1
CVE
added 2025/10/12 9:32 p.m., 5 views

CVE-2025-11647

The CVE-2025-11647 issue affects Tomofun Furbo 360 and Furbo Mini, specifically the GATT Service handling. Affects Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The root cause is manipulation of the DeviceToken argument in the GATT Service, leading to information disclosure. E...

6.8 CVSS, 3.3 AI score, 0.00048 EPSS
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2025/10/12 9:2 p.m., 6 views

CVE-2025-11646

CVE-2025-11646 affects Tomofun Furbo 360 (FB0035_FW_036 and earlier) and Furbo Mini (MC0020_FW_074 and earlier). The issue arises from improper access controls in the GATT Service component, enabling a local‑network attack. Public exploits are available. Remediation per PT Security advisory: upda...

8.1 CVSS, 6 AI score, 0.00032 EPSS
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-5890

Malware in sbrugna...

6.5 CVSS, 6.6 AI score, 0.00299 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-19431

Malware in sbrugna...

10 CVSS, 9.5 AI score, 0.00695 EPSS
Exploits: 0, References: 2