kernel: Bluetooth: MGMT: validate LTK enc_size on load

A flaw was found in the Linux kernel's Bluetooth management MGMT component. An attacker could exploit a vulnerability in how Long Term Keys LTK are loaded. By providing an oversized encryption size, a stack buffer overflow can occur, potentially leading to a denial of service...

kernel: Bluetooth: MGMT: validate LTK enc_size on load

A flaw was found in the Linux kernel's Bluetooth management MGMT component. An attacker could exploit a vulnerability in how Long Term Keys LTK are loaded. By providing an oversized encryption size, a stack buffer overflow can occur, potentially leading to a denial of service...

RockyLinux 9 : buildah (RLSA-2026:19186)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19186 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986 Tenable has...

Protecting On-Device AI Inference: A Systematic Review of Attacks and Defence Mechanisms

The need for secure and private Artificial Intelligence AI and Machine Learning ML on edge and mobile devices has increased the necessity of protecting the architecture of these systems from threats to both security and privacy. With an ever-increasing number of pre-trained AI models being used o...

PT-2026-44184

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists where Keycloak may incorrectly process unsigned claims when a JSON Web Encryption JWE encrypted request object is submitted, provided the decrypted content is raw JSON. This...

CVE-2026-5065

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

UBUNTU-CVE-2026-46077

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, -dmaaddrout must be synced with dmasyncsingleforcpu instead of dmasyncsinglefordevice. Using the wrong direction can return stale cache data on...

EUVD-2026-32448

In the Linux kernel, the following vulnerability has been resolved: ceph: fix numops off-by-one when crypto allocation fails movedirtyfolioinpagearray may fail if the file is encrypted, the dirty folio is not the first in the batch, and it fails to allocate a bounce buffer to hold the ciphertext...

CVE-2026-5065

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

EUVD-2026-32423

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVE-2026-5065 IBM Controller is affected by vulnerabilities

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVE-2026-5065 IBM Controller is affected by vulnerabilities

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVE-2026-5065

CVE-2026-5065: IBM Controller versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contain hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Affected products: IBM Controller 11.0.1–11.1.2. Severity is high (CVSS v3.1: 8.8, NETWORK attack vector, ...

CVE-2026-45950 crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfiveaesaeaddoonereq The starfiveaesaeaddoonereq function allocates rctx-adata with kzalloc but fails to free it if sgcopytobuffer or starfiveaeshwinit fails, which lead to memory leaks...

CVE-2026-2237

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information...

CVE-2026-2237

CVE-2026-2237 : A vulnerability in the Synology Storage Manager package (volume encryption) prior to version 1.0.1-1100 arises from using GET requests with sensitive query strings. This allows a local attacker to read sensitive information. Documents identify the affected component as the Storage...

CVE-2026-2237

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information...

EUVD-2026-32153

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local attackers to obtain sensitive information...

CVE-2026-2237

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information...

CVE-2026-49000 Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...