11 matches found

Positive Technologies
added 2026/06/12 12:0 a.m. | 8 views

PT-2026-48915

Aqara Home Android com.lumiunited.aqarahome 6.0.0 and white-label clients embedding the same liblumidevsdk.so use hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1...

CVSS 9.1 | AI score 5.2 | EPSS 0.00246
Exploits: 0 | References: 3
NCSC
added 2026/06/09 5:44 p.m. | 9 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed a large number of vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below. Among these vulnerabilities are about six very serious ones, which Microsoft ha...

CVSS 9.8 | AI score 6.1 | EPSS 0.04297
Exploits: 2
Positive Technologies
added 2026/04/08 12:0 a.m. | 8 views

PT-2026-31314

Name of the Vulnerable Software and Affected Versions: ProSolution WP Client plugin for WordPress versions up to and including 1.9.9. Description: The ProSolution WP Client plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the proSol...

CVSS 9.8 | AI score 6.2 | EPSS 0.00578
Exploits: 1 | References: 11
OpenVAS
added 2025/09/29 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2025-d24499a627)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 6.8 | EPSS 0.0051
Exploits: 1 | References: 7
The Hacker News
added 2023/05/18 5:18 a.m. | 3 views

Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks

Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. "These vulnerabilities are due to improper validation of reques...

CVSS 9.8 | AI score 7.8 | EPSS 0.11101
Exploits: 0
NCSC
added 2021/12/17 12:0 a.m. | 4 views

Vulnerability fixed in VMware Workspace ONE UEM

VMware has fixed a vulnerability in Workspace ONE UEM. An unauthenticated malicious person could exploit this vulnerability to perform a same-site request forgery (SSRF) attack and thereby gain access to sensitive data. Successful exploitation requires network access to the Workspace ONE UEM...

CVSS 7.5 | AI score 6.8 | EPSS 0.97713
Exploits: 1
NCSC
added 2021/12/14 12:0 a.m. | 64 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in several SAP products. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of security measure, Remote code...

CVSS 9.9 | AI score 7.5 | EPSS 0.82552
Exploits: 13
NCSC
added 2021/09/27 12:0 a.m. | 4 views

Vulnerability fixed in Trend Micro ServerProtect

Trend Micro has fixed a vulnerability in ServerProtect. An unauthenticated malicious party could potentially abuse it to bypass authentication. The vulnerability has been assigned a CVSS3.1 score of 9.8. Content-wise, however, few technical details have been made publicly available. Trend Micro has released...

CVSS 10 | AI score 6.9 | EPSS 0.09019
Exploits: 0
NCSC
added 2021/07/13 12:0 a.m. | 39 views

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Remote code execution, User rights, Acces...

CVSS 9.8 | AI score 7.3 | EPSS 0.03158
Exploits: 2
OSV
added 2019/12/06 4:15 p.m. | 4 views

AZL-7321 CVE-2019-5544 affecting package openslp for versions less than 2.0.0-26

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8...

CVSS 9.8 | AI score 7.2 | EPSS 0.96823
Exploits: 1 | References: 1
OSV
added 2019/12/06 4:15 p.m. | 4 views

AZL-36968 CVE-2019-5544 affecting package openslp for versions less than 2.0.0-26

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8...

CVSS 9.8 | AI score 7.2 | EPSS 0.96823
Exploits: 1 | References: 1