ECHO-A2CB-9FEB-100C From https://github.com/nltk/nltk/pull/3468 (merge commit 1056b32).

Bulletin has no description...

ECHO-85D4-7FA8-A8C9 From https://github.com/nltk/nltk/commit/89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a

Bulletin has no description...

JLSEC-2026-458

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNTSizeRequest...

JLSEC-2026-457

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfntinitface...

EUVD-2026-28379

RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's makesigninkey function and exam.py's genticketcode function. This issue has been patched via commit 2f68e16...

CVE-2026-41505

RELATE is a web-based courseware package. Prior to commit 2f68e16, auth.py's make_sign_in_key() and exam.py's gen_ticket_code() generate predictable tokens, enabling potential exploitation across a network without user interaction. The issue is marked in CVSS 3.1 as HIGH (AV:N/AC:H/PR:N/UI:N/S:C/...

CVE-2026-41505

RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's makesigninkey function and exam.py's genticketcode function. This issue has been patched via commit 2f68e16...

CVE-2026-41505 RELATE: Predictable Token Generation in auth.py and exam.py

RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's makesigninkey function and exam.py's genticketcode function. This issue has been patched via commit 2f68e16...

PT-2026-38443

RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make sign in key function and exam.py's gen ticket code function. This issue has been patched via commit 2f68e16...

PT-2026-38544

Name of the Vulnerable Software and Affected Versions grokability snipe-it versions prior to 8.4.1 Description Insecure permissions allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component. Users with permissions to view assets or...

corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...

EUVD-2026-27797

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix use-after-free of drmcrtccommit after release The atmelhlcdcplaneatomicduplicatestate callback was copying the atmelhlcdcplane state structure without properly duplicating the drmplanestate. In particular,...

CVE-2026-43269 drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomicdestroystate callback After several commits, the slab memory increases. Some drmcrtccommit objects are not freed. The atomicdestroystate callback only put the framebuffer. Use the...

CVE-2026-43236 drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix use-after-free of drmcrtccommit after release The atmelhlcdcplaneatomicduplicatestate callback was copying the atmelhlcdcplane state structure without properly duplicating the drmplanestate. In particular,...

CVE-2026-43236

The CVE-2026-43236 vulnerability affects the Linux kernel’s drm/atmel-hlcdc component. The atmel_hlcdc_plane_atomic_duplicate_state() callback copied the drm_plane_state without duplicating the base state, leaving state->commit pointing to the old object and enabling a use-after-free in the ne...

Paramiko rsakey.py allows the SHA-1 algorithm

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...

PT-2026-37609

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomic destroy state callback After several commits, the slab memory increases. Some drm crtc commit objects are not freed. The atomic destroy state callback only put the framebuffer. Use...

PT-2026-37576

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix use-after-free of drm crtc commit after release The atmel hlcdc plane atomic duplicate state callback was copying the atmel hlcdc plane state structure without properly duplicating the drm plane state. In...

EUVD-2026-27017

PPTAgent: Arbitrary File Write via savegeneratedslides...

EUVD-2026-27015

PPTAgent: Arbitrary Code Execution via Python eval of LLM-Generated Code with Builtins in Scope...