CVE-2026-56450

AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Turn quotas off if mount fails after enabling quotas Yi discovered during a review of the patch “ext4: Don’t report errors with inconsistent journal features” that when ext4markrecoverycomplete returns an error value, the...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40250)

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on requestirq failure The mlx5irqalloc function can inadvertently free the entire rmap and end up in a crash1 when the other threads tries to access this, when requestirq fails due to exhauste...

CVE-2026-53781

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

CVE-2026-53781 Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

EUVD-2025-26493

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass. This issue affects MyRezzta: from s2.03.01 before v2.05.01...

CVE-2026-9674

A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...

CVE-2026-6417

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2026-41037

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

PT-2026-46148

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

EUVD-2026-34087

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

Linux Distros Unpatched Vulnerability : CVE-2026-44660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and...

Linux Distros Unpatched Vulnerability : CVE-2026-46231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to t...

CVE-2026-46108

In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state...

SUSE CVE-2026-45883

In the Linux kernel, the following vulnerability has been resolved: iio: sca3000: Fix a resource leak in sca3000probe spi-irq from requestthreadedirq not released when iiodeviceregister fails. Add an return value check and jump to a common error handler when iiodeviceregister fails...

CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

EUVD-2026-32663

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

CVE-2026-9674

A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...

CVE-2026-9674

A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...

EUVD-2026-32519

A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...