EUVD-2026-31474

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVE-2026-36226

CVE-2026-36226 affects Advantech WebAccess/SCADA 8.0-2015.08.16. A cross-site scripting flaw resides in the Admin Dashboard’s Create New Project User component, where unsanitized input in the decryption field can be rendered and execute JavaScript in an authenticated user’s browser context. Docum...

Unity Linux 20.1060e / 20.1070e Security Update: nettle (UTSA-2026-016652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016652 advisory. A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated cipherte...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-rsa (UTSA-2026-016608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016608 advisory. It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher...

MAL-2026-4549 Malicious code in dot-utils-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3091b9bb8cbf714d9391a59f7303a3748e183bbdf0fba2264b7496a2072e717f On every import, dist/index.js base64-decodes a hardcoded AES-256-CBC ciphertext, derives a key from environment variable VITEDOTUTILSAESSECRET,...

Exploit for Path Traversal in Mikrotik Routeros

Ferramentas de Pentest — /rede Repositório de scripts para au...

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

Malicious code in idlidosa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c6cba2c58d95d705af7dc5bb1c630129127835fb1ef15d4ccf43ec2818bf632 The package is purpose-built tooling to defeat exam-proctoring / lockdown software, with multiple installer-machine integrity harms triggered when th...

Astra Linux - уязвимость в linux

A issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check authenticity of fragmented TKIP frames. An adversary can exploit this vulnerability to inject and potentially decrypt packets in WPA or WPA2 networks...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: crypto: krb5enc – Fix for async decryption skipping hash verification The krb5encdispatchdecrypt function sets req-base.complete as the skcipher callback. This means that when the skcipher completes asynchronously, it signals...

Astra Linux - уязвимость в openssl

There exists a timing-based side channel in the OpenSSL RSA Decryption implementation. This vulnerability could be sufficient for an attacker to recover plaintext across a network in a Bleichenbacher-style attack. To successfully decrypt data, an attacker would need to be able to send a very larg...

Astra Linux - уязвимость в firefox, thunderbird, nss

NSS was vulnerable to a timing-side-channel attack during RSA decryption. This attack could potentially allow an attacker to retrieve private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

Astra Linux - уязвимость в thunderbird

Thunderbird unprotects a secret OpenPGP key before using it for decryption, signing, or key import tasks. If the task fails, the secret key may remain in memory in an unprotected state. This vulnerability affects Thunderbird versions earlier than 78.8.1...

Astra Linux - уязвимость в openssl1.0

In situations where an attacker receives automated notifications of the success or failure of a decryption attempt, an attacker can recover the CMS/PKCS7 transport encryption key after sending a very large number of messages to be decrypted. They can also decrypt any RSA-encrypted message encrypt...

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

Exploit for Improper Handling of Length Parameter Inconsistency in Linux Linux_Kernel

🩸 CVE-2026-31635 – DirtyDecrypt Linux Kernel Local Priv...

Malicious code in alya-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473103f2220a0215abf49be7e46ec1748052935ce188e0eee6ded08af7b47cf1 alya-baileys is a fork of the Baileys WhatsApp library that adds a hidden, remotely-controlled action channel against the installer's authenticated...

SUSE SLES15 Security Update : kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1878-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1878-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.47 fixes one security issue The following security issue was fixed: - CVE-2026-43284:...

SUSE-SU-2026:21774-1 Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

SUSE-SU-2026:1959-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. - CVE-2026-46300: net: skbuff: propagate shared-frag marker...