41 matches found
CVE-2026-43274
A flaw was found in the Linux kernel's mailbox subsystem, specifically within the mchp-ipc-sbi component. This vulnerability involves an out-of-bounds access in the mchpipcgetclusteraggrirq function. The clustercfg array, which holds per-CPU configuration structures, was incorrectly indexed using...
EUVD-2026-27669
In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchpipcgetclusteraggrirq The clustercfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, thi...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the AdminService/StreamWorkflowReplicationMessages endpoint. An attacker can access replication streams and exfiltrate data by connecting to the frontend gRPC server without providing...
CVE-2026-5724
The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...
EUVD-2025-205801
RustFS has a gRPC Hardcoded Token Authentication Bypass...
CVE-2025-68926
RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...
CVE-2025-68926
CVE-2025-68926 – RustFS hardcoded gRPC token authentication bypass. Affected RustFS versions prior to 1.0.0-alpha.78 expose a publicly visible hardcoded token, “rustfs rpc”, used for gRPC authentication on both client and server. The token is non-configurable and identical across deployments, en...
CVE-2025-68926 RustFS has a gRPC Hardcoded Token Authentication Bypass
RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...
EUVD-2009-0511
Malware in sbrugna...
GHSA-46HR-3CQ3-MCGP OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting AAA through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information...
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting AAA through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information...
CVE-2024-46943
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting AAA through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information...
Improper Cluster Permissions
Carina is vulnerable to Improper Cluster Permissions. The vulnerability is due to insecure cluster configuration, allowing local attackers to execute arbitrary code through crafted commands, leading to the extraction of cluster secrets and potential takeover of the entire cluster...
CVE-2024-20325
A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations o...
GHSA-P6GG-5HF4-4RGJ Graylog vulnerable to instantiation of arbitrary classes triggered by API request
Summary: Arbitrary classes can be loaded and instantiated using an HTTP PUT request to the /api/system/clusterconfig/ endpoint. Details: Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads...
How to change admin profile on Citrix NetScaler VPX instances configured in cluster
This article provides instructions to change the admin profile of a Citrix NetScaler VPX instance that is configured in a cluster on a Citrix NetScaler SDX appliance. Requirements: Two Citrix NetScaler SDX appliances should be provisioned in advance with Citrix NetScaler VPX instances and they shou...
PT-2023-5440 · IBM · IBM Robotic Process Automation for Cloud Pak
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation for Cloud Pak versions 21.0.1 through 21.0.7.3; IBM Robotic Process Automation for Cloud Pak versions 23.0.0 through 23.0.3. Description: The issue is related to insufficient security configuration, which may allo...
Apache Tomcat Resource Management Error Vulnerability
Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat suffers from a denial-of-service vulnerability that stems from a flaw in the configuration of Tomcat open...