CVE-2026-13007

Tenable Identity Exposure exposes multiple unauthenticated API endpoints under /w/api/* that return sensitive configuration data (cleartext LDAP credentials, SAML config, user accounts, directory settings). Responses are served with Cache-Control: public and without Vary: Cookie, enabling reverse...

CVE-2026-10651

A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, btsdpparseattribute accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an additiona...

CVE-2026-10658

A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In btisorecv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without firs...

CVE-2026-41523 vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks

A flaw was found in the Linux kernel's XFS filesystem. When adding extended attributes xattrs, which are metadata associated with files, to leaf blocks, incorrect adjustments to the freemap can occur. This inconsistency allows the entries array and free space to overlap, leading to an assertion...

CVE-2026-12804

A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...

Astra Linux – Vulnerability in OpenLDAP

In OpenLDAP versions 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function due to a malicious packet. This leads to a denial of service daemon exits caused by a short timestamp. This issue is related to the schemainit.c file and the...

CVE-2026-49454

Relyra (Elixir/Phoenix SAML SP) versions 1.0.0 and 1.1.0 are affected by an authentication bypass due to forged SignatureValue not being cryptographically verified in SAML 2.0 processing. The XMLDSig trust boundary was incomplete: :public_key.verify over the exclusive-C14N SignedInfo was not chec...

kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks

A flaw was found in the Linux kernel's XFS filesystem. When adding extended attributes xattrs, which are metadata associated with files, to leaf blocks, incorrect adjustments to the freemap can occur. This inconsistency allows the entries array and free space to overlap, leading to an assertion...

Reachable Assertion

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Reachable Assertion via the resolveobjbyqualname function. An attacker can execute arbitrary code by publishing a malicious model with a crafted...

vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

Summary An assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode python -O or PYTHONOPTIMIZE=1. Details vLLM uses ...

CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

PT-2026-49334

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst av1 parser parse tile list obu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a...

OESA-2026-2683 sofia-sip security update

Sofia SIP is a RFC-3261-compliant library for SIP user agents and other network elements. The Session Initiation Protocol SIP is an application-layer control signaling protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telepho...

EulerOS Virtualization 2.13.1 : systemd (EulerOS-SA-2026-2390)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config...

CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

EUVD-2026-36311

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

PT-2026-48733

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions 2.0.0 through 78.13.0 Cloud Foundry CF Deployment versions prior to 56.1.0 Description Cloud Foundry UAA incorrectly treats XML encryption to the Service Provider as a substitute for XML signatures from the Identity...