Lucene search
8101 matches found

OSV
added 2026/04/14 8:48 a.m. | 2 views

CLSA-2026-1776156481 Fix of 5 CVEs

SECURITY UPDATE: fix heap buffer overflow in _bfd_elf_parse_eh_frame - debian/patches/CVE-2025-11082.patch: fix heap buffer overflow in _bfd_elf_parse_eh_frame - CVE-2025-11082 SECURITY UPDATE: fix NULL deref in elf_gc_sweep with empty groups - debian/patches/CVE-2025-5244.patch: fix NULL deref in elf_gc_sweep...

CVSS 7.8 | AI score 6.6 | EPSS 0.0008
Exploits: 4 | References: 1
EUVD
added 2026/04/13 6:30 p.m. | 3 views

EUVD-2026-21990

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.7 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 2
NVD
added 2026/04/13 4:16 p.m. | 1 views

CVE-2026-30809

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.8 | EPSS 0.00159
Exploits: 0 | References: 1
CVE
added 2026/04/13 3:46 p.m. | 4 views

CVE-2026-30809

The vulnerability CVE-2026-30809 affects Pandora FMS with WebServerModuleDebug in versions 777–800, caused by improper neutralization of special elements in OS commands (OS Command Injection). The CVE List also notes that this can lead to remote code execution. Attack vector is network with no us...

CVSS 8.8 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/04/13 3:46 p.m. | 20 views

CVE-2026-30809 OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.7 | EPSS 0.00159
Exploits: 0 | References: 1
OSV
added 2026/04/13 5:42 a.m. | 4 views

BIT-KIBANA-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

CVSS 7.7 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 2
OSV
added 2026/04/13 5:38 a.m. | 6 views

BIT-ELK-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

CVSS 7.7 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 2
GithubExploit
added 2026/04/13 5:36 a.m. | 80 views

Bluetooth-app

Bluetooth Security Testing App A Kivy-based Android applicati...

AI score 5.8
Exploits: 0
Positive Technologies
added 2026/04/13 12:0 a.m. | 2 views

PT-2026-32409

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

CVSS 7.7 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/13 12:0 a.m. | 1 views

PT-2026-32433

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

CVSS 7.7 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 3
GithubExploit
added 2026/04/12 5:28 p.m. | 87 views

exploit900

GoldHEN - PS4 Homebrew Enabler...

AI score 5.9
Exploits: 0
OSV
added 2026/04/11 2:3 p.m. | 1 views

OESA-2026-1851 golang security update

Security Fixes: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable...

CVSS 6.1 | AI score 7.1 | EPSS 0.00013
Exploits: 0 | References: 2
RedHat Linux
added 2026/04/11 12:50 a.m. | 9 views

Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sqlite: lemon-3.52.0-1.1.hum1 aarch64, x86_64 sqlite-3.52.0-1.1.hum1 aarch64, x86_64 sqlite-analyzer-3.52.0-1.1.hum1 aarch64, x86_64 sqlite-debug-3.52.0-1.1.hum1 aarch64, x86_64...

CVSS 7.5 | AI score 5.8 | EPSS 0.00052
Exploits: 1 | References: 3
EUVD
added 2026/04/10 6:31 p.m. | 1 views

EUVD-2026-21404

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 3
NVD
added 2026/04/10 4:16 p.m. | 0 views

CVE-2026-23781

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

CVSS 9.8 | EPSS 0.00075
Exploits: 0 | References: 2
EUVD
added 2026/04/10 3:31 p.m. | 2 views

EUVD-2026-21370

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

AI score 6.2 | EPSS 0.00215
Exploits: 0 | References: 3
NVD
added 2026/04/10 3:16 p.m. | 1 views

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

CVSS 8.8 | EPSS 0.00215
Exploits: 0 | References: 2
EUVD
added 2026/04/10 12:31 p.m. | 1 views

EUVD-2026-21368

This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading...

CVSS 8.7 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2
NVD
added 2026/04/10 12:16 p.m. | 2 views

CVE-2026-5777

This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading...

CVSS 8.7 | EPSS 0.00016
Exploits: 0 | References: 1
CVE
added 2026/04/10 11:40 a.m. | 6 views

CVE-2026-5777

The CVE-2026-5777 entry concerns the Atom 3x Projector with an improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication. An unauthenticated attacker on the same network can obtain root-level access, enabling complete device compromise per the descr...

CVSS 8.7 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 1