563 matches found
CVE-2026-45021
Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...
EUVD-2026-32966
Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...
SUSE CVE-2026-46101
In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...
EUVD-2026-32675
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...
CVE-2026-46101
In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...
UBUNTU-CVE-2026-46101
In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...
CVE-2026-46101
CVE-2026-46101 relates to the Linux kernel netfilter component, specifically the nft_bitwise operation. The issue arises from zero shift operands in left/right shift expressions during initialization. The carry propagation logic uses BITS_PER_TYPE(u32) - shift; a zero shift operand can produce a ...
CVE-2026-46101
In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...
EUVD-2026-32484
In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...
PT-2026-43969
In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nft bitwise Reject zero shift operands for nft bitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using BIT...
UFO³ 安全漏洞
UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains security vulnerabilities. These vulnerabilities stem from the WebSocket control plane’s reliance on identity and role fields provided by clients,...
GHSA-VRXG-GM77-7Q5G Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS
HTTP transports expose unauthenticated PowerShell control with wildcard CORS There is an issue in the SSE and Streamable HTTP transport modes. The default stdio mode is not affected, but the documented HTTP modes expose the MCP control plane without authentication and add wildcard CORS handling...
K000156734: BIG-IP Configuration utility vulnerability CVE-2026-40699
Security Advisory Description A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. CVE-2026-40699 Impact This vulnerability may allow a low-privileged authenticated...
K000159021: iControl SOAP vulnerability CVE-2026-35062
Security Advisory Description An authenticated iControl SOAP user may be able to obtain information of other accounts. CVE-2026-35062 Impact A low privileged authenticated remote attacker may be able to obtain information of other local accounts. There is no data plane exposure; this is a control...
K000161107: BIG-IP tmsh vulnerability CVE-2026-41217
Security Advisory Description A vulnerability exists in an undisclosed BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful...
K000149743: BIG-IP SSL Orchestrator vulnerability CVE-2026-42780
Security Advisory Description A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files. CVE-2026-42780 Impact An authenticated attacker with high privilege may exploit this...
K000156581: iControl REST and tmsh vulnerability CVE-2026-40462
Security Advisory Description Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS Shell tmsh undisclosed command which may allow an authenticated attacker to view sensitive information. CVE-2026-40462 Impact An authenticated attacker may exploit these vulnerabilities b...
K000160863: iControl REST and tmsh vulnerability CVE-2026-39459
Security Advisory Description A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. CVE-2026-39459 Impact This vulnerability may allow...
K000160972: BIG-IP and BIG-IQ privilege escalation vulnerability CVE-2026-32643
Security Advisory Description A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. CVE-2026-32643 Impact This vulnerability may allow...
K000160971: BIG-IP and BIG-IQ privilege escalation vulnerability CVE-2026-42406
Security Advisory Description A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. CVE-2026-42406 Impact This vulnerability may allow...