46 matches found
CVE-2026-46705
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...
CVE-2026-37234
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequent xapp_ids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...
PT-2026-45018
Name of the Vulnerable Software and Affected Versions: Russh versions 0.34.0-beta.1 through 0.60.x. Description: The server authentication path in the Russh library fails to separate internal user authentication state when the request principal changes across SSH_MSG_USERAUTH_REQUEST messages...
CVE-2026-42560
The CVE describes a vulnerability in the Patreon OAuth provider used by github.com/go-pkgz/auth, where the mapUser logic computes a local user ID from an uninitialized field, causing every Patreon-authenticated user to share the same local identity. The GHSA advisory details show the code path wh...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: Do not leak the ccs state. The kernel only manages the ccs state using lmem-only objects. However, the kernel should still ensure that the CCS state is not leaked from the previous user. Cherry picked from commit...
CVE-2026-34511
OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...
CVE-2026-28867
CVE-2026-28867: Apple advises that an issue was addressed with improved authentication. Affected products include iOS 18.7.7/iPadOS 18.7.7 and iOS 26.4/iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. The vulnerability could allow an app to leak sen...
PT-2026-27590
Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 18.7.7; Apple iPadOS versions prior to 18.7.7; Apple macOS Sequoia versions prior to 15.7.5; Apple macOS Tahoe versions prior to 26.4; Apple tvOS versions prior to 26.4; Apple visionOS versions prior to 26.4; Apple watchO...
PT-2026-21340
Name of the Vulnerable Software and Affected Versions: Lettermint Node.js SDK versions 1.5.0 and below. Description: The Lettermint Node.js SDK has an issue where email properties to, subject, html, text, and attachments are not reset between calls to the .send function when the same client instance...
MiracleLinux 7 : kernel-3.10.0-862.3.3.el7 (AXSA:2018-3189:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3189:05 advisory. Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665). Tenable has extracted the preceding description block directly from the MiracleLinux...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992233)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992233 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state. Apparently no one noticed that mdp5 plane states leak...
EUVD-2023-59937
Malicious code in bioql PyPI...
EUVD-2023-27600
Malicious code in bioql PyPI...
CVE-2023-53324 drm/msm/mdp5: Don't leak some plane state
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state. Apparently no one noticed that mdp5 plane states leak like a sieve ever since we introduced plane_state->commit refcount a few years ago in 21a01abbe32a "drm/atomic: Fix freeing...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: angle: insufficient input validation can cause undefined behavior (CVE-2025-6558); webkitgtk: A download's origin may be incorrectly associated (CVE-2025-43240); webkitgtk: Processing maliciously...
Secure Goal-Oriented Communication: Defending against Eavesdropping Timing Attacks
Goal-oriented Communication (GoC) is a new paradigm that plans data transmission to occur only when it is instrumental for the receiver to achieve a certain goal. This leads to the advantage of reducing the frequency of transmissions significantly while maintaining adherence to the receiver's...
CVE-2022-50037
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state. The kernel only manages the ccs state with lmem-only objects, however the kernel should still take care not to leak the CCS state from the previous user. cherry picked from commit...
UBUNTU-CVE-2022-50037
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state. The kernel only manages the ccs state with lmem-only objects, however the kernel should still take care not to leak the CCS state from the previous user. cherry picked from commit...
CVE-2022-50037 drm/i915/ttm: don't leak the ccs state
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state. The kernel only manages the ccs state with lmem-only objects, however the kernel should still take care not to leak the CCS state from the previous user. cherry picked from commit...