CVE-2026-10783

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

CVE-2025-22424

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2026-48587

A flaw was found in Django. Remote attackers can exploit this vulnerability due to django.utils.cache.hasvaryheader not properly stripping whitespace from Vary response header values. This allows an attacker to read cached responses by sending requests to URLs with whitespace-padded Vary header...

CVE-2026-8404

A flaw was found in Django. The django.middleware.cache.UpdateCacheMiddleware component does not correctly process Cache-Control response directives when they use uppercase or mixed-case values. This vulnerability allows a remote attacker to read responses that should not have been cached, leadin...

CVE-2026-6873

A flaw was found in Django. A remote attacker could exploit a non-injective salt derivation in django.http.HttpRequest.getsignedcookie by crafting specific cookie name and salt argument pairs. This vulnerability allows the attacker to use a signed cookie in a different context than intended,...

CVE-2026-10766

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...

CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

EUVD-2026-34177

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

CVE-2026-36618

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

CVE-2026-45553

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

CVE-2026-38978

A flaw was found in Transmission. A clickjacking weakness exists in the browser-facing WebUI and RPC Remote Procedure Call response paths. This vulnerability could allow a remote attacker to trick a user into performing unintended actions by overlaying malicious content over legitimate interface...

Security update for grafana

This update for grafana to version to 11.6.14+security01 fixes the following issues: Security Fixes: CVE-2026-34986: Fixed unrecoverable error in JWE decryption that could lead to a denial of service bsc1262950 CVE-2026-41602: Fixed Integer Overflow or Wraparound vulnerability in Apache Thrift...

firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to incorrect boundary conditions in the Audio/Video component...

Moderate: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit...

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

CVE-2025-14771

Technical details (affected components, versions, impact, remediation) are not publicly available in the provided documents. Monitor for updates on ABB T-MAC Plus CVE-2025-14771.

CVE-2025-14771 File Disclosure in ABB T-MAC Plus web application and in ABB T-MAC plus Server - Default IIS Web Site

Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...