UBUNTU-CVE-2026-43828

Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...

CVE-2026-9503

A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwgnextentity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been releas...

CVE-2026-9503

Summary: CVE-2026-9503 affects GNU LibreDWG up to v0.14, specifically the DWG File Handler’s dwg_next_entity function in src/decode.c. The issue is a null pointer dereference arising from the function’s handling of certain DWG entities, with exploitation requiring local access. The exploit has be...

CVE-2026-9501

CVE-2026-9501 affects GNU LibreDWG up to 0.14, specifically the Dwgread Utility’s src/decode.c decompress_R2004_section function. The vulnerability can cause a reachable assertion under local execution due to manipulation of input data. Exploitation status in the provided docs is not detailed bey...

MAL-2026-4331 Malicious code in ts-typeguard-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f74d71bf9db34dbac382712020acc0d441e7921053f6664204f5bbff1906b96f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-9300

A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practic...

CVE-2026-9300 omec-project amf NGSetupRequest memory corruption

A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practic...

CVE-2026-9298 omec-project amf PathSwitchRequest memory corruption

A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is...

PT-2026-42876

A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is...

PT-2026-42880

A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be use...

EUVD-2026-31520

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

GHSA-2FFM-HXRQ-QQMM @hulumi/drift: Orphan reconciler accepted externally supplied execute plans

Impact: @hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation input to be treated as trusted. Patched in 1.3.2: execute-plan handling now validates provenance and rejects untrusted plans, with...

Astra Linux – Vulnerability in libhttp-daemon-perl

HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are vulnerable to a vulnerability that could potentially be exploited to gain privileged access to APIs or corrupt intermediate caches. It’s unclear how severe these risks are; most Perl-based applications are serv...

Astra Linux - уязвимость в xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contains a buffer overflow in the devredirprocclientdevlistannouncereq function. There are no known workarounds for this issue. Use...

Astra Linux - уязвимость в linux, linux-5.10

A vulnerability has been identified in the Linux kernel and is classified as problematic. This vulnerability affects the function inet6streamops/inet6dgramops of the IPv6 Handler component. The vulnerability causes a race condition. It is recommended that a patch be applied to address this issue...

Astra Linux - уязвимость в sqlite3

A vulnerability was discovered in SQLite SQLite3 version 3.43.0 and is classified as critical. This issue affects the sessionReadRecord function in the file ext/session/sqlite3session.c of the make alltest component. The vulnerability results in a heap-based buffer overflow. It is recommended to...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios. CVE-2026-40175 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

[SECURITY] [DSA 6274-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6274-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 15, 2026 https://www.debian.org/security/faq -...

GHSA-64RR-PP78-62WW NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

Impact NukeViet CMS , which are stored server-side and executed in the browser of any user who views the content. Who is impacted: - Administrators and moderators who view user-submitted content e.g., contact messages, comments, or any module using the Request class for HTML input. - The Contact...

Unity Linux 20.1070a Security Update: git (UTSA-2026-021356)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021356 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process...