215 matches found
CVE-2026-49098
A flaw was found in the Apache Camel Kafka Component. A remote attacker can exploit an improper input validation vulnerability by manipulating specific Kafka headers, such as kafka.OVERRIDETOPIC, when an HTTP consumer bridges into a Kafka producer. This allows the attacker to redirect messages to...
CVE-2026-49097
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...
CVE-2026-49097
CVE-2026-49097 affects Apache Camel’s Camel-IRC component. The issue arises when outbound IRC message destinations are taken from non-Camel header names (irc.sendTo and related irc.* headers), which bypass the HTTP header filter. In routes bridging HTTP to irc:, an attacker could set irc.sendTo t...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: Do not assume adequate headroom for SDIO headers The function mt7921usbsdiotxprepareskb calls mt7921usbsdiowritetxwi and mt7921skbaddusbsdiohdr. Both functions blindly assume that adequate headroom will be available...
Can I Check What I Designed? Mapping Security Design DSLs to Code Analyzers
When assessing the potential impact of code-level vulnerabilities, e.g., discovered by automated analyzers, it is essential to consider them in the context of the system's security design. However, this is a challenging task due to the abstraction gap between security design, often specified usin...
CVE-2026-33773 Junos OS: EX Series, QFX Series: If the same egress filter is configured on both an IRB and a physical interface one of those is not applied
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or...
OpenClaw 访问控制错误漏洞
OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.14 contained a access control vulnerability. This vulnerability stemmed from the sandbox browser bridging server not requiring gateway authentication, which could allow local attackers to access...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005499)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005499 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCBATTRBCN The dcbnlbcnsetcfg uses erroneous policy to...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005615)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005615 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCBATTRBCN The dcbnlbcnsetcfg uses erroneous policy to...
Elysium-Vanguard-Honor-Tool-Kit
🌌 Elysium Vanguard Honor Tool Kit: TITAN v13.0 Hardware-B...
CVE-2025-64125
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...
CVE-2025-64123
Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller MSC allows Network Boundary Bridging.This issue affects Multi-Stack Controller MSC: through and including release 2.5.1...
CVE-2025-64125
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...
EUVD-2025-206223
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...
CVE-2025-64125 Nuvation Energy nCloud Client-to-Client Communication
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...
CVE-2025-64125
Observation: CVE-2025-64125 affects Nuvation Energy nCloud VPN Service and enables Network Boundary Bridging. The issue is confirmed in multiple feeds (NVD/Red Hat) and is fixed as of 2025-12-01; end users did not need to take mitigation action. The available metrics indicate a high-severity impa...
CVE-2025-64125 Nuvation Energy nCloud Client-to-Client Communication
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...
EUVD-2026-0767
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...
PT-2026-1140
Name of the Vulnerable Software and Affected Versions Nuvation Energy nCloud VPN Service versions prior to 2025-12-01 Description A flaw exists in the Nuvation Energy nCloud VPN Service that permitted Network Boundary Bridging. This allowed for lateral client-to-client pivoting with minimal...
Nuvation Energy nCloud VPN 安全漏洞
Nuvation Energy nCloud VPN is a secure remote connectivity service from Nuvation Energy USA. A security vulnerability exists in Nuvation Energy nCloud VPN that stems from the presence of network boundary bridging...