CVE-2026-52995
A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) subsystem. This vulnerability allows a local unprivileged user to disclose sensitive kernel memory. When a user queries connection information through getsockopt(SOL_RDS, RDS_INFO_IB_CONNECTIONS) while an RDS connection is not fully...
CVE-2026-53251
A flaw was found in the Linux kernel's Bluetooth subsystem. The hci_get_route function, used in the ISO (Isochronous Stream) connection handling, fails to release a reference-counted hci_dev pointer. This resource leak could lead to a Denial of Service (DoS) condition...
EUVD-2026-39529
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...
CVE-2026-40209
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...
CVE-2026-40209
CVE-2026-40209 describes a denial-of-service risk where an attacker can send IXFR queries causing outgoing TCP connections to a backend to remain open until timeouts, potentially exhausting available file descriptors or hitting concurrent-connection limits. The core issue is a hang/linger conditi...
EUVD-2026-39348
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...
CVE-2026-40209 Denial of service via IXFR queries
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...
CVE-2026-52995
The CVE-2026-52995 issue affects the Linux kernel’s RDS path: rds_for_each_conn_info() and rds_walk_conn_path_info() pass a caller-allocated on-stack buffer to visitors and then copy item_len bytes back to user space, potentially exposing uninitialized stack data. In particular, rds_ib_conn_info_...
nginx:1.26 security update
1.26.3-9.0.1 - Require oracle-indexhtml 2:1.26.3-9 - Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 2:1.26.3-8 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-7 -...
CVE-2026-12112
A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...
CVE-2025-15619
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario...
EUVD-2025-210310
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario...
CVE-2025-15619
Technical details about CVE-2025-15619 are not publicly available in the provided documents. No affected products, versions, or remediation are specified. Monitor for updates.
urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...
PT-2026-51525
Name of the Vulnerable Software and Affected Versions: HCL Connections (affected versions not specified). Description: Broken access control may allow an unauthorized user to view data in a single specific scenario. Recommendations: At the moment, there is no information about a newer version that...
CVE-2026-55599 phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access
phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature reads a URL out of that certificate's Authority Information Access (AIA) extension and connects to it...
CVE-2026-9162
Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...
CVE-2026-9162
Mattermost vulnerability CVE-2026-9162 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17. The issue: global session revocation does not invalidate cached authentication state for active WebSocket connections, allowing a user with an existing WebSock...