
29707 matches found

Snyk
added 2026/04/15 10:13 a.m. | 2 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

9.9 CVSS | 5.7 AI score | 0.00512 EPSS
Exploits: 0 | References: 4
NVD
added 2026/04/15 4:17 a.m. | 6 views

CVE-2026-39842

OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...

9.9 CVSS | 0.00924 EPSS
Exploits: 2 | References: 2
RedHat Linux
added 2026/04/15 1:45 a.m. | 12 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.5 security update

The multicluster engine for Kubernetes 2.8 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.8 images The multicluster engine for Kubernetes provides the foundational components that are...

10 CVSS | 7 AI score | 0.01242 EPSS
Exploits: 5 | References: 10
Snyk
added 2026/04/15 12:7 a.m. | 7 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in the rules engine process. An attacker can execute arbitrary code on the server, read arbitrary files, steal environment variables including database credentials, and bypass multi-tenant isolation to access da...

9.9 CVSS | 6.3 AI score | 0.00924 EPSS
Exploits: 2 | References: 2
Tenable Nessus
added 2026/04/15 12:0 a.m. | 4 views

RHEL 8 : thunderbird (RHSA-2026:8288)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8288 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine...

10 CVSS | 7.3 AI score | 0.00676 EPSS
Exploits: 0 | References: 80
Positive Technologies
added 2026/04/15 12:0 a.m. | 8 views

PT-2026-33086

A vulnerability in the CLI of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...

6 CVSS | 5.8 AI score | 0.00533 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/15 12:0 a.m. | 17 views

Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-rce-4fverepv)

According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this...

9.9 CVSS | 6.4 AI score | 0.05972 EPSS
Exploits: 1 | References: 5
Tenable Nessus
added 2026/04/15 12:0 a.m. | 3 views

RHEL 9 : thunderbird (RHSA-2026:8286)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8286 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine...

10 CVSS | 7.3 AI score | 0.00676 EPSS
Exploits: 0 | References: 80
Tenable Nessus
added 2026/04/15 12:0 a.m. | 4 views

RHEL 9 : thunderbird (RHSA-2026:8284)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8284 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine...

10 CVSS | 7.3 AI score | 0.00676 EPSS
Exploits: 0 | References: 80
CNNVD
added 2026/04/15 12:0 a.m. | 10 views

Cisco ISE and Cisco ISE-PIC Security Vulnerability

Cisco ISE and Cisco ISE-PIC are both products of the American company Cisco. Cisco ISE is a NAC solution designed to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE-PIC is a component of Cisco ISE. Both Cisco ISE and Cisco ISE-PIC have...

9.9 CVSS | 6.3 AI score | 0.10944 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/04/15 12:0 a.m. | 8 views

Cisco Identity Services Engine Security Vulnerability

Cisco Identity Services Engine is an identity services engine developed by Cisco, a US-based company. This platform collects real-time information from networks, users, and devices, and develops and implements policies to manage the network. There is a security vulnerability in Cisco Identity...

9.9 CVSS | 6.3 AI score | 0.05972 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/15 12:0 a.m. | 3 views

PT-2026-33088

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...

4.9 CVSS | 6 AI score | 0.09213 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/15 12:0 a.m. | 5 views

PT-2026-33087

Name of the Vulnerable Software and Affected Versions: Cisco ISE (affected versions not specified), Cisco ISE-PIC (affected versions not specified). Description: Insufficient validation of user-supplied input allows an authenticated remote attacker with valid administrative credentials to execute arbitra...

9.9 CVSS | 6.4 AI score | 0.10944 EPSS
Exploits: 0 | References: 16
CNNVD
added 2026/04/15 12:0 a.m. | 11 views

Cisco Identity Services Engine Security Vulnerability

Cisco Identity Services Engine is an identity services engine developed by Cisco, a US-based company. This platform collects real-time information from networks, users, and devices, and develops and implements policies to manage the network. There is a security vulnerability in Cisco Identity...

4.8 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/15 12:0 a.m. | 11 views

PT-2026-33092

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE (affected versions not specified). Description: Insufficient validation of user-supplied input allows an authenticated remote attacker with at least Read Only Admin credentials to execute arbitrary commands on th...

9.9 CVSS | 6.3 AI score | 0.05972 EPSS
Exploits: 1 | References: 16
Positive Technologies
added 2026/04/15 12:0 a.m. | 8 views

PT-2026-33085

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8 CVSS | 5.8 AI score | 0.00173 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/15 12:0 a.m. | 13 views

Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-rce-traversal-8bYndVrZ)

According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this...

9.9 CVSS | 6.2 AI score | 0.10944 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2026/04/15 12:0 a.m. | 9 views

Cisco Identity Services Engine (cisco-sa-isexss-BS8ctE7U)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site...

4.8 CVSS | 5.7 AI score | 0.00173 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/15 12:0 a.m. | 7 views

PT-2026-33094

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (affected versions not specified). Description: Insufficient validation of user-supplied input allows an authenticated remote attacker with at least Read Only Admin credentials to execute arbitrary commands on the...

9.9 CVSS | 6.3 AI score | 0.0591 EPSS
Exploits: 0 | References: 12
CNNVD
added 2026/04/15 12:0 a.m. | 8 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by Google with a V8 engine for executing JavaScript code. A type confusion vulnerability exists in Google Chrome's V8 engine. The vulnerability stems from the engine's failure to properly handle object types and can be exploited by an attacker to perform...

8.8 CVSS | 5.8 AI score | 0.00275 EPSS
Exploits: 0 | References: 1