687 matches found
OSV-2026-787 Heap-buffer-overflow in N_BELE_RTP::BEPolicy::get32
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514739401 Crash type: Heap-buffer-overflow READ 4 Crash state: N_BELE_RTP::BEPolicy::get32 PackLinuxElf32::elf_lookup PackLinuxElf32::PackLinuxElf32help1...
CVE-2026-35009 Open ISES Tickets < 3.44.2 Reflected XSS via add_note.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute. Attacker...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed a potential data race in rxrpc_wait_to_be_connected. Inside the loop in rxrpc_wait_to_be_connected, it checks call->error to see if it should exit the loop without first checking the call state. This is probably safe, as if...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: be2net: fixed a potential memory leak in be_xmit. be_xmit returns NETDEV_TX_OK without freeing the skb variable, in case be_xmit_enqueue fails. To address this issue, add dev_kfree_skb_any to properly handle the situation...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Do not pick up BE without a substream When DPCM attempts to establish valid BE connections using dpcm_add_paths, it does not check whether the selected BE actually supports the given stream direction. As a result, when ...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Added a NULL check in BE reparenting. A NULL check was also added to the dpcm_be_reparent API, to handle kernel NULL pointer dereferencing errors. This issue occurred during fuzzing tests...
UBUNTU-CVE-2026-43333
In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF pointers check_mem_access matches PTR_TO_BUF via base_type which strips PTR_MAYBE_NULL, allowing direct dereference without a null check. Map iterator ctx->key and ctx->value are PTR_TO_BUF |...
Cleartext Storage of Sensitive Information
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An...
EUVD-2026-24081
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0...
PT-2026-33927
Name of the Vulnerable Software and Affected Versions TYPO3 CMS version 14.2.0 Description Changing backend users' passwords through the user settings module causes the cleartext password to be stored in the uc and user settings fields of the be_users database table. Recommendations At the moment,...
ai.pipestream:account-service (>=0.0.10 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.10 <=0.1.18) +515 more potentially affected by CVE-2026-33557 via org.apache.kafka:kafka-clients (>=4.1.0 <=4.1.1)
org.apache.kafka:kafka-clients MAVEN version =4.1.0, =0.0.10, =0.1.10, =0.1.3, =0.7.21, =0.7.21, =0.7.21, =0.1.21, =0.7.2, =0.7.2, =0.2.0, =0.2.0, =0.7.5 and more Source cves: CVE-2026-33557 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16207346...
be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-39304 via org.apache.activemq:activemq-all (>=4.1.2 <=5.19.3)
org.apache.activemq:activemq-all MAVEN version =4.1.2, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-39304 Source advisory: OSV:GHSA-5568-6QCG-G7FX...
EUVD-2026-12600
The GL-iNet Comet GL-RM1 KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...
Women’s History Month: Encouraging women in cybersecurity at every career stage
Women’s History Month—and International Women’s Day on March 8, 2026—always gives me pause for reflection. It’s a moment to think about how far we’ve come and think about who we choose to uplift as we look ahead. Throughout my career, I’ve been inspired by extraordinary women leaders—trailblazers...
CVE-2026-3285
A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scanstring of the file src/belexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name:...
CVE-2018-2217
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...
CVE-2018-2206
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...
CVE-2017-4554
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
CVE-2017-4552
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...