1536 matches found
PT-2026-52560
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description The AVX2-optimized ML-KEM implementation contains a logic error in the mlkem cmp avx2 function during the Fujisaki-Okamoto transform. In ML-KEM-1024 decapsulation, the constant-time ciphertex...
CVE-2026-53094
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stale offload-prog pointer after constant blinding When a dev-bound-only BPF program BPFFXDPDEVBOUNDONLY undergoes JIT compilation with constant blinding enabled bpfjitharden = 2, bpfjitblindconstants clones the program...
EUVD-2026-38962
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stale offload-prog pointer after constant blinding When a dev-bound-only BPF program BPFFXDPDEVBOUNDONLY undergoes JIT compilation with constant blinding enabled bpfjitharden = 2, bpfjitblindconstants clones the program...
CVE-2026-53094
The CVE affects the Linux kernel BPF/JIT path for dev-bound-only XDP programs. When constant blinding is enabled (bpf_jit_harden >= 2), bpf_jit_blind_constants() clones the program and bpf_jit_prog_release_other() frees the original, but offload->prog isn’t updated, leaving a stale pointer....
CVE-2026-53094 bpf: Fix stale offload->prog pointer after constant blinding
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stale offload-prog pointer after constant blinding When a dev-bound-only BPF program BPFFXDPDEVBOUNDONLY undergoes JIT compilation with constant blinding enabled bpfjitharden = 2, bpfjitblindconstants clones the program...
EUVD-2026-38949
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce regsafe base id consistency for BPFADDCONST scalars When regsafe compares two scalar registers that both carry BPFADDCONST, checkscalarids maps their full compound id aka base | BPFADDCONST flag as one idmap entry...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bpf: It is necessary to preserve the id of the register in the synclinked regs function. The synclinked regs function copies the id of knownreg to reg when propagating the bounds of knownreg to reg, using the offset of knownreg...
PT-2026-51975
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Berkeley Packet Filter BPF verifier within the regsafe function. The issue occurs when comparing two scalar registers that both carry BPF ADD CONST values; the check...
PT-2026-51988
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where a stale pointer is maintained after constant blinding. When a dev-bound-only BPF program BPF F XDP DEV BOUND ONLY undergoes JIT compilation wit...
CVE-2026-56425
The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...
SUSE-SU-2026:22197-1 Security update for tomcat10
This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....
EUVD-2026-37199
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands e.g. system reboot...
CVE-2026-22312
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands e.g. system reboot...
CVE-2026-22312
CVE-2026-22312 affects Radiflow iSAP Smart Collector. The device exposes a webserver REST API authenticated with a constant token, enabling an unauthenticated client to access system settings, modify configuration, and execute commands (e.g., system reboot). CVSS 3.1 indicates NETWORK attack vect...
CVE-2026-49106
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...
CVE-2026-49106 WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.6 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...
EUVD-2026-36883
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...
CVE-2026-49106
The CVE-2026-49106 entry concerns the WordPress plugin “Integration for Contact Form 7 and Constant Contact” (versions ≤ 1.1.6). The vulnerability is an unauthenticated PHP Object Injection in that integration, enabling an attacker to potentially manipulate PHP objects without authentication. The...
Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade
Description Symfony\Component\Mailer\Bridge\Mailomat\Webhook\MailomatRequestParser::validateSignature parses the X-MOM-Webhook-Signature request header as algo=signature and passes the wire-supplied $algo directly to hashhmac when verifying the request against the configured webhook secret. The...
GHSA-RRJ9-5Q2J-4GVR Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade
Description Symfony\Component\Mailer\Bridge\Mailomat\Webhook\MailomatRequestParser::validateSignature parses the X-MOM-Webhook-Signature request header as algo=signature and passes the wire-supplied $algo directly to hashhmac when verifying the request against the configured webhook secret. The...