418 matches found
Shopper: Authorization bypass and RBAC privilege escalation in team settings
Impact: Two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system: Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users,...
EUVD-2026-34041
Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defects lists via a very bad drive with lots of defects or a maliciously crafted SCSI device’s defect...
CVE-2026-10717
Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defects lists via a very bad drive with lots of defects or a maliciously crafted SCSI device’s defect...
CVE-2026-10717
The vulnerability CVE-2026-10717 affects openSeaChest v25.05.3 (Seagate Open-Seachest/Seachest) and specifically the --showSCSIDefects feature. Out-of-bounds writes/reads occur when handling very large defect lists or a maliciously crafted SCSI defect response length, enabling writing defect info...
Local Deep Research Code Issue Vulnerability
Local Deep Research is an AI search assistant developed by LearningCircuit. Versions of Local Deep Research prior to 1.6.10 contained code vulnerabilities. These vulnerabilities stemmed from defects in the URL checking logic, which could be exploited by attackers, leading to SSRF attacks...
ZTE ZXUniPOS NDS-LTE Security Vulnerability
ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has security vulnerabilities, which stem from unsafe password schemes. These include improper selection of encryption algorithms, inadequate key management, or defects in code...
CVE-2026-42002
A flaw was found in pdns-recursor. Concurrency and locking defects in the Generic Security Service Algorithm for Secret Key Transaction Signatures (GSS-TSIG) could allow a remote attacker to cause a denial of service...
ZTE ZXUniPOS NDS-LTE Security Vulnerability
ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability, which stems from business logic defects. Attackers can exploit the features of legitimate applications in an unintended and abnormal manner to carry ou...
CVE-2026-42002 Concurrency and locking defects in GSS-TSIG
Concurrency and locking defects in GSS-TSIG...
CVE-2026-42002
Concurrency and locking defects in GSS-TSIG...
CVE-2026-42002 Concurrency and locking defects in GSS-TSIG
Concurrency and locking defects in GSS-TSIG...
CVE-2026-42002
Concurrency and locking defects in GSS-TSIG...
EUVD-2026-31260
Concurrency and locking defects in GSS-TSIG...
CVE-2026-42002
CVE-2026-42002 relates to PowerDNS Authoritative (pdns) and is caused by concurrency and locking defects in GSS-TSIG. The Debian advisory notes these issues could lead to denial of service or information disclosure, and recommends upgrading to pdns 4.9.15-0+deb13u1. Connected sources also referen...
PT-2026-42448
Concurrency and locking defects in GSS-TSIG...
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning h...
Linux kernel Security Vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel, stemming from multiple defects in the RINGCTRLABORT processing in MIPI I3C HCI DMA. These defects include...
HCL BigFix RunBookAI Command Injection Vulnerability
HCL BigFix RunBookAI is an artificial intelligence automation product developed by the Indian company HCL. HCL BigFix RunBookAI has a command injection vulnerability. This vulnerability arises from unvalidated command inputs or potential command embedding. There are defects in the component input...
WordPress plugin YML for Yandex Market Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Apache Traffic Server Security Vulnerability
Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. Versions of Apache Traffic Server 10.1.1 and earlier, as well as 9.2.12 and earlier versions, have security vulnerabilities. These vulnerabilities stem from defects in PO...