574 matches found
CVE-2026-39834 affecting package moby-engine for versions less than 25.0.3-18
CVE-2026-39834 affecting package moby-engine for versions less than 25.0.3-18. A patched version of the package is available...
Seagate openSeaChest Security Vulnerability
Seagate openSeaChest is a set of cross-platform storage device management tools developed by Seagate Corporation. Seagate openSeaChest v25.05.3 contains a security vulnerability. This vulnerability stems from out-of-bounds write and read operations during the --showSCSIDefects...
PT-2026-45870
Name of the Vulnerable Software and Affected Versions: openSeaChest version 25.05.3. Description: Out of bounds write and read operations occur when using the --showSCSIDefects command. This issue allows for writing defect information out of bounds when processing very large defect lists, which can ...
Linux Distros Unpatched Vulnerability : CVE-2026-9892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to...
UBUNTU-CVE-2026-48961
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...
UBUNTU-CVE-2026-49017
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...
CVE-2026-42002
Concurrency and locking defects in GSS-TSIG...
CVE-2026-42959
A flaw was found in Unbound's DNSSEC validator when constructing chase-reply messages for validation. The code uses the wrong counter to calculate write offsets for ADDITIONAL section resource record sets. When a DNAME chain is combined with authority filtering, an uninitialized array slot is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: rejecting negative ifindex values Recent changes in net-next commit 759ab1edb56c reorganized the handling of pre-assigned ifindex values. This led to a latent issue in ovs. ovs does not validate ifindex values,...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
curl: TLS verifyhost bypass in rustls, mbedTLS, and wolfSSL when verifypeer=0
The now-well-known CURLOPT_SSL_VERIFYHOST-bypass-when-CURLOPT_SSL_VERIFYPEER=0 defect exists in three of curl's TLS backends: rustls (EXPERIMENTAL), mbedTLS, and wolfSSL (DNS hostnames only). The documented contract at docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.md:57-59: The check that the host name in the...
ISPB
🛡️ AI-powered Security Scanner Platform A next-generation...
Iterative Audit Convergence in LLM-Managed Multi-Agent Systems: A Case Study in Prompt Engineering Quality Assurance
Prompt specifications for multi-agent large language model (LLM) systems carry data contracts and integration logic across many interdependent files but are rarely subjected to structured-inspection rigor. This paper reports a single-system empirical case study of iterative, agent-driven auditing...
CVE-2026-27141 affecting package ignition-flatcar for versions less than 2.22.0-2
CVE-2026-27141 affecting package ignition-flatcar for versions less than 2.22.0-2. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2026-43360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have ...
EUVD-2026-25417
Codechecker has an authentication bypass for certain API calls...
GHSA-R727-5PF6-47R2 Elastic Package Registry has Improper Verification of Cryptographic Signature
Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing close...
CVE-2026-35379
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space character (0x20) in the [:graph:] class and excludes it from the [:print:] class, effectively reversing the...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010994)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010994 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT. Code path: ocfs2_ioctl_move_extents ocfs2_move_extents...
CVE-2026-40247
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...