EUVD-2026-17507

In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana...

EUVD-2026-17474

In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL...

com.agentsflex:agents-flex-bom (>=2.1.1 <=2.1.3), com.agentsflex:agents-flex-mcp (>=2.0.0 <=2.1.3) +28 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (=1.0.0)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.modelcontextprotocol.sdk:mcp-core and may be impacted: - com.agentsflex:agents-flex-bom =2.1.1, =2.0.0, =2.1.1, =2.0.4, =0.1.1, =0.1.1,...

com.agentsflex:agents-flex-bom (>=2.1.1 <=2.1.3), com.agentsflex:agents-flex-mcp (>=2.0.0 <=2.1.3) +28 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (>=1.0.0-RC3 <=1.0.0)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.0.0-RC3, =2.1.1, =2.0.0, =2.1.1, =2.0.4, =0.1.1, =0.1.1, =0.158.v8e18e64dd93c, =0.172.v9dbcb43cdbcc - io.micronaut.mcp:micronaut-mcp-client-java-sdk =1.0.0-M2 - io.micronaut.mcp:micronaut-mcp-server-java-sdk =1.0.0-M2 -...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1487)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1487 advisory. In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs CVE-2025-71225 In the Linux kernel, the following vulnerability has bee...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs CVE-2025-71225 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent...

CVE-2025-27769

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

PT-2026-27248

Name of the Vulnerable Software and Affected Versions PTC Windchill PDMLink versions 11.0 M030 through 13.1.3.0 PTC FlexPLM versions 11.0 M030 through 13.0.3.0 Description A critical remote code execution RCE issue has been identified in PTC Windchill and PTC FlexPLM. The issue stems from the...

Linux Distros Unpatched Vulnerability : CVE-2026-32829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak...

GHSA-VVP9-7P8X-RFVV lz4_flex's decompression can leak information from uninitialized memory or reused output buffer

Summary Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer. Details The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from the...

PT-2026-25835

Name of the Vulnerable Software and Affected Versions ChargePoint Home Flex affected versions not specified Description A stack-based buffer overflow exists in the OCPP getpreq functionality of ChargePoint Home Flex, potentially leading to remote code execution. The issue was discovered during th...

(Pwn2Own) ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from the lack o...

PT-2026-25836

Name of the Vulnerable Software and Affected Versions ChargePoint Home Flex affected versions not specified Description A severe issue exists in ChargePoint Home Flex that allows for remote code execution via command injection in the revssh service. This was discovered during the Pwn2Own...

(Pwn2Own) ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the genpw script. The issue results from the inclusion o...

PT-2026-25834

Name of the Vulnerable Software and Affected Versions ChargePoint Home Flex affected versions not specified Description The ChargePoint Home Flex software contains an information disclosure issue. Sensitive information was included in the source code. The issue was discovered by Sina Kheirkhah of...

(Pwn2Own) ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from the la...

Malicious Package

Overview chai-as-flex is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in chai-as-flex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e209e357d41cfd5d03c91f7b03e155685a36191ac79740818656d310c71390fe The package chai-as-flex was found to contain malicious code. Source: ghsa-malware 43ec01f2ce6223022a2f8808fefb3586a644577acb62fbe4184add705f616914 A...

MAL-2026-1343 Malicious code in chai-as-flex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e209e357d41cfd5d03c91f7b03e155685a36191ac79740818656d310c71390fe The package chai-as-flex was found to contain malicious code. Source: ghsa-malware 43ec01f2ce6223022a2f8808fefb3586a644577acb62fbe4184add705f616914 A...

EUVD-2025-208480

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...