384 matches found
CVE-2026-0428
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...
BELL-CVE-2026-46008 CVE-2026-46008 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-45979 CVE-2026-45979 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43388 CVE-2026-43388 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43369 CVE-2026-43369 does not affect BellSoft software
Bulletin has no description...
@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @getnuvo/importer-react (>=3.3.0 <=3.6.2) +20 more potentially affected by CVE-2026-43898 via @nyariv/sandboxjs (>=0.5.3 <=0.8.36)
@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =3.3.0, =4.0.1, =0.0.12, =2.1.6, =2.1.6, =1.0.5, =1.0.6, =2.1.6, =2.1.6, =2.15.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-43898 Source advisory: SNYK:JS-NYARIVSANDBOXJS-16642341...
Unity Linux 20.1060e / 20.1070e Security Update: openjpeg2 (UTSA-2026-017606)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017606 advisory. There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg...
BELL-CVE-2025-71290 CVE-2025-71290 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43401 CVE-2026-43401 does not affect BellSoft software
Bulletin has no description...
EUVD-2026-27864
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...
CVE-2026-22009
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...
CVE-2026-34629
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CLEANSTART-2026-ID24148 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-33186 applied in versions: 0.28.7-r1, 0.29.0-r0, 0.30.0-r0
Multiple security vulnerabilities affect the step package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-25030
Deserialization of Untrusted Data vulnerability in parkofideas Goldish goldish allows Object Injection. This issue affects Goldish: from n/a through 3.47...
BELL-CVE-2026-23376 CVE-2026-23376 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-23275 CVE-2026-23275 does not affect BellSoft software
Bulletin has no description...
Mattermost fails to verify run_create permission for empty playbookId
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify run_create permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...
CVE-2026-3672 JeecgBoot getDictItems isExistSqlInjectKeyword sql injection
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to SQL injection. The attack can be performed remotely. The exploit has been disclosed to the public and may be used...
BELL-CVE-2026-3441 CVE-2026-3441 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-23197 CVE-2026-23197 does not affect BellSoft software
Bulletin has no description...