36947 matches found
PT-2026-28347
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet, an open source device management software, has multiple unauthenticated HTTP endpoints that do not enforce a size limit when reading request bodies. An unauthenticated attacker can exploit this...
ROS-20260327-73-0007
A vulnerability in the Golang programming language is related to errors in the certificate authentication procedure. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected information...
OPENSUSE-SU-2026:10443-1 libsuricata8_0_4-8.0.4-1.1 on GA media
These are all security issues fixed in the libsuricata804-8.0.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10444-1 traefik-3.6.12-1.1 on GA media
These are all security issues fixed in the traefik-3.6.12-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-20096
Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when...
CVE-2025-71258
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...
CVE-2026-22321
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...
CVE-2026-21671
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution RCE in high availability HA deployments of Veeam Backup & Replication...
CVE-2026-2273
CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...
OPENSUSE-SU-2026:10438-1 openbao-2.5.2-1.1 on GA media
These are all security issues fixed in the openbao-2.5.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10441-1 strongswan-6.0.5-1.1 on GA media
These are all security issues fixed in the strongswan-6.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
Update Rollup 1 for System Center 2025 Virtual Machine Manager
Update Rollup 1 for System Center 2025 Virtual Machine Manager Applies to Microsoft System Center 2025 Virtual Machine Manager Introduction This article lists the new enhancements and bug fixes that come with System Center Virtual Machine Manager 2025 UR1 release. This article also provides the...
EUVD-2026-15196
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...
DEBIAN-CVE-2026-3608
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...
ALPINE-CVE-2026-3608
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...
CVE-2026-3608
CVE-2026-3608 affects Kea daemons (kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, kea-dhcp6). A maliciously crafted message over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow. Affected versions: 2.6.0–2.6.4 and 3.0.0–3.0.2. Exploitation details a...
CVE-2026-3608 Stack overflow in Kea daemons
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...
CVE-2026-3608
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...
PT-2026-33338
Name of the Vulnerable Software and Affected Versions Protobuf PHP versions prior to 5.34.0-RC1 Protobuf PHP versions prior to 4.33.6 Description A Denial of Service DoS issue exists during the parsing of untrusted input. Maliciously structured messages, specifically those containing negative...
OPENSUSE-SU-2026:10428-1 python311-jupyter-ydoc-3.4.0-2.1 on GA media
These are all security issues fixed in the python311-jupyter-ydoc-3.4.0-2.1 package on the GA media of openSUSE Tumbleweed...