Insecure Despite Proven Updated: Extracting the Root VCEK Seed on EPYC Milan Via a Software-Only Attack
In the official whitepaper of Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP), AMD explicitly emphasizes the capability to prevent Trusted Computing Base (TCB) rollback attacks. Cryptographically, this is realized by signing attestation reports with the Versioned Chip Endorsement...
Palo Alto Networks Prisma SD-WAN ION Trust Management Vulnerability
Palo Alto Networks Prisma SD-WAN ION is a series of next-generation software-defined enterprise branch devices from the American company Palo Alto Networks, capable of integrating 4G or 5G cellular network access. There is a vulnerability in Palo Alto Networks Prisma SD-WAN ION related to trust...
PT-2026-40690
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the KVM SVM implementation where CR8 write interception remains enabled after AVIC (Advanced Virtual Interrupt Controller) is activated. This occurs because the...
Linux kernel Security Vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper setting or clearing of CR8 write interception when AVIC is activated. This vulnerability...
Striso Control Firmware Security Vulnerability
Striso Control Firmware is an open-source MPE MIDI controller firmware developed by Striso. Version 54c9722 of Striso Control Firmware contains a security vulnerability, which stems from a buffer overflow in the ThreadReadButtons function...
Flight Path Traversal Vulnerability
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a path traversal vulnerability. This vulnerability stemmed from the make:controller CLI command, which created directories based on the controller names provided by users before class name validatio...
PT-2026-40768
An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables a man-in-the-middle (MitM) attacker to impersonate the controller...
PT-2026-40695
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the xHCI controller where a Host Controller Error (HCE) occurs during UAS Storage Device plug/unplug scenarios on Android devices. The xhci irq function checks for HCE,...
CVE-2026-42205
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...
CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-35415
Technical details about CVE-2026-35415 are not publicly available in the provided connected documents. Monitor for updates for specifics on affected products, impact, and mitigations once they are published.
EUVD-2026-29622
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: flux-source-controller, argo-events, melange, gitsign, grype, bom, goreleaser, gomplate, guac, zarf, flux-image-automation-controller, grafana, kots, xeol, teleport, trufflehog, k9s, external-secrets-operator, argocd-image-updater, gitaly, zot, osv-scanner, trivy,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: witness, chainctl-fips, flux-fips, kargo, external-secrets-operator, gitaly-fips, trivy-fips, kubevela-fips, pulumi-language-dotnet, snyk-cli, grafana-alloy, trufflehog, grype-fips, rancher-fleet-fips, gitaly, xeol, gomplate-fips, gitsign, src-fingerprint, flux, cg,...
SUSE CVE-2025-71299
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...
Multiple Siemens Products Cross-Site Scripting Vulnerability
The Siemens SIMATIC Drive Controller is a series of drive controllers developed by the German company Siemens. Several Siemens products have a cross-site scripting vulnerability. This vulnerability arises from improper validation and cleaning of PLC/site names on the Web interface communication...
Siemens SIMATIC S7 PLC Web Server
SUMMARY: SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix...
Siemens SIMATIC Cross-Site Scripting Vulnerability
Siemens SIMATIC is a series of programmable control and industrial software products developed by Siemens, a German company, for industrial automation and process control applications. Siemens SIMATIC has a cross-site scripting vulnerability. This vulnerability stems from the Web interface’s moti...