UBUNTU-CVE-2026-23245

In the Linux kernel, the following vulnerability has been resolved: net/sched: actgate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...

CVE-2026-32596 Glances exposes the REST API without authentication

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

OpenSSL TLS 1.3 server may choose unexpected key agreement group

...

Getting Roasted? Trellix Helix sees through AS-REP Attack

Getting Roasted? Trellix Helix sees through AS-REP Attack By Adithya Chandra and Maulik Maheta · March 17, 2026 Executive summary Threat actors regularly target Active Directory environments, continuously refining their toolsets and modifying attack frameworks to bypass security controls. However...

CVE-2026-32264

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...

CVE-2026-32264 Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...

CVE-2026-32264 Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...

CVE-2026-32264 Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...

CVE-2026-32263

Craft CMS (versions 5.6.0–5.9.10) is vulnerable where parse_str-derived $settings in src/controllers/EntryTypesController.php is passed directly to Craft::configure() without cleansing via Component::cleanseConfig(). This allows injecting Yii2 behavior/event handlers through keys prefixed with "a...

CVE-2026-32263 Craft CMS vulnerable to behavior injection RCE via EntryTypesController

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTypesController.php, the $settings array from parsestr is passed directly to Craft::configure without Component::cleanseConfig. This allows injecting Yii2 behavior/event handlers via...

CVE-2026-32263 Craft CMS vulnerable to behavior injection RCE via EntryTypesController

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTypesController.php, the $settings array from parsestr is passed directly to Craft::configure without Component::cleanseConfig. This allows injecting Yii2 behavior/event handlers via...

CVE-2026-32263 Craft CMS vulnerable to behavior injection RCE via EntryTypesController

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTypesController.php, the $settings array from parsestr is passed directly to Craft::configure without Component::cleanseConfig. This allows injecting Yii2 behavior/event handlers via...

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the recvMessageloop validation path in fsm.go. An attacker can crash the GoBGP process by sending a BGP UPDATE whose NEXTHOP attribute reports a length shorter than 4 while the...

EUVD-2026-12506

Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController...

GHSA-4484-8V2F-5748 Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController

The fix for https://github.com/advisories/GHSA-7jx7-3846-m7w7 commit https://github.com/craftcms/cms/commit/395c64f0b80b507be1c862a2ec942eaacb353748 only patched src/services/Fields.php, but the same vulnerable pattern exists in ElementIndexesController and FieldsController. You need Craft contro...

Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController

The fix for https://github.com/advisories/GHSA-7jx7-3846-m7w7 commit https://github.com/craftcms/cms/commit/395c64f0b80b507be1c862a2ec942eaacb353748 only patched src/services/Fields.php, but the same vulnerable pattern exists in ElementIndexesController and FieldsController. You need Craft contro...

EUVD-2026-12504

Craft CMS vulnerable to behavior injection RCE via EntryTypesController...

GHSA-WVXV-4J8Q-4WJQ Glances exposes the REST API without authentication

Summary Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys, tokens to any network client. Details Root Cause: Authentication is...

EUVD-2025-208723

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system...

Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

Executive Summary A cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registers RSA15 in its default algorithm registry without requiring explicit opt-in,...