EUVD-2026-25250

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

CLSA-2026-1776963378 binutils: Fix of 8 CVEs

CVE-2022-47007: fix memory leak in stabdemanglev3arg - CVE-2022-47008: fix memory leak in maketempdir and maketempname - CVE-2022-47011: fix memory leak in parsestabstructfields - CVE-2022-47010: fix memory leak in prfunctiontype - CVE-2022-48063: fix excessive memory allocation in...

CVE-2026-5039 Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

PT-2026-34683

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR841N version v13 Description The TDDPv2 debug protocol uses DES-CBC encryption with a cryptographic key derived from default web management credentials. This makes the key predictable when the device maintains its default...

Active Debug Code

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php file. An attacker can obtain sensitive information, including developer email addresses, deployed commit hashes, and commit...

BIT-KAFKA-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013432)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013432 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: protect targets destructions with kdamondlock DAMON debugfs interface iterates...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013744)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013744 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013520)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013520 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: add a schedule point in ioaddbuffers Looping 65535 times doing kmalloc calls can trigger...

CVE-2026-40945

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

CVE-2026-40945

Oxia (metadata store/coordination system) is affected prior to version 0.16.2. When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext, potentially exposing JWT tokens in application logs and any connected log aggregation systems if DEBUG logging is enabled in ...

CVE-2026-40945 Oxia: Bearer token exposed in debug log messages on authentication failure

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

EUVD-2026-24511

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

CVE-2026-40945 Oxia: Bearer token exposed in debug log messages on authentication failure

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013073)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013073 advisory. In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fix genpd leak on provider registration failure If ofgenpdaddprovideronecell...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010879)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010879 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix DMA transfer direction When CONFIGDMAAPIDEBUG is selected, while running the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012947)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012947 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow Skip SMB sessions that are being...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006990)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006990 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref BUG Syzbot reported several...

PT-2026-34189

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...