CVE-2026-34045

Podman Desktop prior to 1.26.2 contains an unauthenticated HTTP server that, due to missing connection limits and timeouts, can be abused over the network to trigger denial-of-service conditions and to extract sensitive information. The vulnerability can exhaust file descriptors and kernel memory...

RLSA-2026:6005 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write ...

ROS-20260407-73-0006

Vulnerability in kernel-lt related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

MediaTek Chipsets 安全漏洞

MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities, which stem from logical errors and may lead to remote denial-of-service attacks...

AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php

Summary The install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP addresses, session IDs, and user agents to unauthenticated visitors...

PT-2026-30334

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The install/test.php diagnostic script has its CLI-only access guard disabled, allowing access via HTTP after installation. This exposes video viewer statistics, including IP addresses, session IDs, a...

Improving ML Attacks on LWE with Data Repetition and Stepwise Regression

The Learning with Errors LWE problem is a hard math problem in lattice-based cryptography. In the simplest case of binary secrets, it is the subset sum problem, with error. Effective ML attacks on LWE were demonstrated in the case of binary, ternary, and small secrets, succeeding on fairly sparse...

CLSA-2026-1775220882 openssh: Fix of CVE-2026-3497

CVE-2026-3497: terminate GSSAPI key exchange on protocol errors using sshpacketdisconnect instead of sshpktdisconnect downstream gsskex patch...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from integer truncation in the siphelptcp function, potentially leading to parsing errors...

ROS-20260403-73-0023

A vulnerability in the mm/ptdump component of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability allows an attacker to cause a denial of service...

ROS-20260403-73-0015

A vulnerability in the arm64/entry component of the Linux operating system kernel is related to resource release errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from mm mseal failing to correctly update the end address during the merging of VMA sections,...

WhatWeb Scanner 0.6.4

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers

Summary The /ready endpoint in opensslencryptserver/server.py at lines 159-175 catches database errors and returns the full exception string in the response. Affected Code python except Exception as e: return "status": "notready", "reason": stre Impact Database exception messages can leak: -...

GHSA-2VHW-Q7VH-7XV2 openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers

Summary The /ready endpoint in opensslencryptserver/server.py at lines 159-175 catches database errors and returns the full exception string in the response. Affected Code python except Exception as e: return "status": "notready", "reason": stre Impact Database exception messages can leak: -...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

CVE-2025-71282 XenForo Path Disclosure via open_basedir Exceptions

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by openbasedir restrictions. This allows an attacker to obtain information about the server's directory structure...

Temporal Server 安全漏洞

Temporal Server is a microservices orchestration platform developed by Temporal Corporation. There is a security vulnerability in Temporal Server. This vulnerability stems from the fact that users with the “Writer” role in the namespaces controlled by attackers can send signals, delete, and reset...

PT-2026-29690

Name of the Vulnerable Software and Affected Versions Open vSwitch affected versions not specified Description An issue exists in Open vSwitch related to invalid memory access within the conntrack FTP algorithm. Specifically, crafted FTP payloads can trigger invalid memory accesses, potentially...

Zscaler Client Connector 安全漏洞

The Zscaler Client Connector is a lightweight agent provided by Zscaler Inc. There is a security vulnerability associated with the Zscaler Client Connector, which stems from incorrect startup configurations. This vulnerability may cause a small amount of traffic to go unnoticed in rare instances...