F5 Networks BIG-IP : iControl SOAP vulnerability (K000159021)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000159021 advisory. An authenticated iControl SOAP user may be able to obtain information of other accounts. CVE-2026-3506...

CLEANSTART-2026-CJ12020 Security fixes for CVE-2015-8080, CVE-2019-10192, CVE-2019-10193, CVE-2020-14147, CVE-2021-32625, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32762, CVE-2021-41099, CVE-2022-24736, CVE-2022-24834, CVE-2022-35977, CVE-2022-3647, CVE-2023-36824, CVE-2023-41053, CVE-2023-41056, CVE-2023-45145, CVE-2024-31227, CVE-2024-31228, CVE-2024-31449, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-49844 applied in versions: 5.0.4-r0, 5.0.8-r0, 6.0.3-r0, 6.2.0-r0, 6.2.4-r0, 6.2.5-r0, 6.2.6-r0, 6.2.7-r0, 7.0.12-r0, 7.0.4-r0, 7.0.5-r0, 7.0.6-r0, 7.0.8-r0, 7.2.1-r0, 7.2.2-r0, 7.2.4-r0, 7.2.5-r1, 8.2.2-r0

Multiple security vulnerabilities affect the redis package. These issues are resolved in later releases. See references for individual vulnerability details...

BIT-TOMCAT-2026-43514 Apache Tomcat: AJP secret compared in non-constant time

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may al...

etcd 安全漏洞

Etcd is an open-source key-value storage system for distributed systems, written in the Go language. There are security vulnerabilities in versions of etcd prior to 3.4.44, 3.5.30, and 3.6.11. These vulnerabilities stem from transactions that bypass RBAC authorization checks through PrevKv or Put...

PT-2026-40924

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description Uncontrolled recursion during SSL and GSS negotiation...

CVE-2026-41293

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to...

EUVD-2026-29107

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-29090

Rucio contains a SQL injection in FilterEngine.create_postgres_query() when the postgres_meta metadata plugin is configured. Attacker-controlled filter keys/values are interpolated into raw SQL via Python .format() and passed to psycopg3.sql.SQL(), enabling arbitrary SQL against the PostgreSQL me...

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

Astra Linux - уязвимость в tomcat9

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...

Astra Linux - уязвимость в python3.7, python2.7

A issue was discovered in Python before version 3.11.1. An unnecessary quadratic algorithm exists in one path when processing certain inputs to the IDNA RFC 3490 decoder. This can lead to an excessive CPU usage when a maliciously crafted, unreasonably long hostname is provided to the decoder...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...

Malicious code in react-native-parallax-scroll-view-updated (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

Google Chrome 竞争条件问题漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.117 contained a race condition vulnerability, which was caused by race conditions in the GPU. This vulnerability allowed remote attackers to execute a sandbox escape through a specially crafted...

nginx 1.27.2 < 1.28.3 / 1.29.x < 1.29.7 OCSP Result Bypass

The installed version of nginx is 1.27.2 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured wi...

MITM (Man-in-the-Middle) org.apache.tomcat:tomcat-coyote Dependency in Bamboo Data Center

This High severity MITM Man-in-the-Middle vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This MITM Man-in-the-Middle vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows...

CVE-2026-39935 XSS-via-i18n in localised wiki names

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting XSS. This issue was remediated only on the master branch...

Electron 安全漏洞

Electron is a JavaScript framework developed by users for creating cross-platform desktop applications under the open-source license. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There are security...

WhatWeb Scanner 0.6.4

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

BIT-NATS-2026-33217 NATS allows MQTT clients to bypass ACL checks

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the $MQTT. namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions...