CVE-2026-46685 RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...

CVE-2026-46685 RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...

CVE-2026-47136 RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...

EUVD-2026-32993

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...

CVE-2026-47136

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...

CVE-2026-47136

CVE-2026-47136 affects RustFS, a distributed object storage system written in Rust. The issue is an unauthenticated exposure of license metadata via the console endpoint GET /rustfs/console/license, which is accessible to any client that can reach the console listener and returns JSON containing ...

CVE-2026-46191

A flaw was found in the Linux kernel's framebuffer console fbcon component. When console rotation fails, the fbconrotatefont function may keep an old font buffer that is too small for the rotated font. A local user printing to the rotated console with a high character code can trigger an...

Supply Chain Compromises Impact Nx Console and GitHub Repositories

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development CI/CD pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code VS...

CVE-2026-46191

In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...

UBUNTU-CVE-2026-46191

In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...

CVE-2026-46191

CVE-2026-46191 concerns the Linux kernel fbcon component: when console rotation fails during fbcon_rotate_font(), the font buffer may overflow due to an OOB access. The fix clears the font buffer if the reallocation during console rotation fails and ensures the rotated buffer does not overflow. D...

EUVD-2026-32818

In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...

CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails

In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...

CVE-2026-46191

In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...

OSEC-2026-09 Albatross-console memory exhaustion

Albatross-console doesn't properly terminate when looping over the ringbuffer. This leads to denial of service and memory exhaustion. Scenario A user that has access to albatross-console either via the unix domain socket requires root:albatross by default or via albatross-tls-endpoint requires a...

CVE-2026-32998

Veeam Service Provider Console (VSPC) contains a critical remote code execution vulnerability (CVE-2026-32998) that affects versions prior to the fix. The CVE is addressed starting with VSPC 9.2.1.33875, per Veeam KB4853 and KB4788, which state the vulnerability was fixed and list the affected bu...

CVE-2026-32998

This vulnerability in Veeam Service Provider Console allows for remote code execution...

EUVD-2026-32714

This vulnerability in Veeam Service Provider Console allows for remote code execution...

CVE-2026-32998

This vulnerability in Veeam Service Provider Console allows for remote code execution...

CVE-2026-32998

This vulnerability in Veeam Service Provider Console allows for remote code execution...