CVE-2026-44065
An off-by-two error in lpwrite in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data...
Semantic Denial of Service in LLM-Controlled Robots
Safety-oriented instruction-following is supposed to keep LLM-controlled robots safe. We show it also creates an availability attack surface. By injecting short safety-plausible phrases (1-5 tokens) into a robot's audio channel, an adversary can trigger the model's safety reasoning to halt or disrupt...
GHSA-6GM8-3G4H-W82M Ella Core Panics Upon NGAP handover failure
Summary: Ella Core panics when processing an NGAP handover failure message. Impact: If an attacker can force a gNodeB to send NGAP handover failure messages to Ella Core, the process will crash, thereby disrupting service for all connected subscribers. Fix: Improve guards in NGAP handover handlers...
CVE-2026-32319
CVE-2026-32319 affects Ella Core (5G private-net core). The issue arises when processing a malformed integrity-protected NGAP/NAS message shorter than 7 bytes, which can cause the Ella Core process to panic and crash, enabling unauthenticated DoS and service disruption for all connected subscribe...
CVE-2026-20977
Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning...
Absolute Secure Access security vulnerability
Absolute Secure Access is an application developed by Absolute Corporation. It provides secure service edge (SSE) services optimized for mixed and mobile work environments. Versions of Absolute Secure Access prior to 14.20 contained a security vulnerability. This vulnerability allowed attackers wit...
CVE-2025-8872
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSPFv3 process to have high CPU utilization, which may result in the OSPFv3 process being restarted. This may cause disruption in the OSPFv3 routes on the switch. This issue was discovered...
CVE-2025-64187
OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...
Salt Typhoon APT Group: What Public Sector Leaders and Defenders Should Know
The Rapid7 Threat Focus: Salt Typhoon report profiles one of the most sophisticated and persistent state-sponsored threat actors operating today. Salt Typhoon, a Chinese espionage advanced persistent threat (APT) group linked to the Ministry of State Security (MSS), has spent years infiltrating globa...
EUVD-2022-27465
Malicious code in bioql PyPI...
CVE-2025-10365 Authentication Bypass in Evertz SDVN
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...
simple-admin-core SQL Injection vulnerability
An issue was discovered in simple-admin-core v1.2.0 through v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations...
GHSA-84PP-QR92-95C9 Liferay Portal users can upload an unlimited amount of files
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
The vulnerability of the `addImage` method in the library for creating PDF files (jsPDF) allows a hacker to induce a service failure.
The vulnerability of the addImage method in jsPDF, a library for creating PDF files, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by uploading a payload to the server...
The vulnerability of the net/mlx5 component in the Linux operating system, which allows a hacker to cause a service failure.
The vulnerability of the net/mlx5 component in the Linux operating system is related to deficiencies in handling exceptional states. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the drm/xe component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the drm/xe component in the Linux operating system is related to the copying of buffers without checking the input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability in the drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c component of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c component of the Linux operating system is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability in the drivers/net/ethernet/renesas/rswitch.c component of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the drivers/net/ethernet/renesas/rswitch.c component of the Linux operating system is related to the use of memory after it has been freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
Vulnerability of the mt76_connac_mcu_uni_add_dev() function in the drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c module, a wireless adapter driver in the Linux operating system, which allows a hacker to cause a service failure
Vulnerability of the mt76_connac_mcu_uni_add_dev() function in the drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c module. The Linux kernel's wireless adapter support driver has a vulnerability due to incorrect input validation. Exploiting this vulnerability could allow an attacker to cause system...
The vulnerability of the phpseclib cryptographic protocol library, related to incorrect input validation, allows attackers to trigger a service failure.
The vulnerability of the phpseclib cryptographic protocol library is related to insufficient checks on the data entered by users. Exploiting this vulnerability could allow a malicious actor to cause service failures...