CVE-2026-28964

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

CVE-2026-28964

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

CVE-2026-28964

CVE-2026-28964 corresponds to an inconsistency in the user interface resolved by improved state management across Apple platforms. The vulnerability affects CoreAnimation and could allow an app to access sensitive user data due to UI state inconsistencies. Apple’s advisories for iOS 26.5, iPadOS ...

CVE-2026-28964

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

Open WebUI has inconsistent authorization controls within memories API

Summary Authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories. Details Using a newly created non-admin user with no existing memories, it is possible to view existing...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system designed for iPad tablets. Apple VisionOS is an operating system suitable for AR glasses. Several of Apple’s products have securi...

PT-2026-39811

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

Improper Handling of Inconsistent Special Elements

Overview Affected versions of this package are vulnerable to Improper Handling of Inconsistent Special Elements due to inconsistent handling of negation operators in glob pattern processing. An attacker can cause unintended rule matching or bypass intended restrictions by crafting layouts that ar...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the absence of snapshot context in the cephzeropartialobject function within Ceph. This...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2026-2332)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-2332 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "fun...

CLSA-2026-1776849467 jasper: Fix of 3 CVEs

CVE-2021-26926: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-26927: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-3272: prevent heap-based buffer over-read in...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from inconsistent lock order between the unlink operation of the ocfs2 file system and the dioendiowrite...

SUSE CVE-2026-33259

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider...

DOMPurify 跨站脚本漏洞

DOMPurify is a JavaScript-based tool developed by Cure53, designed for working with the DOM Document Object Model in HTML, MathML, and SVG. Versions of DOMPurify prior to 3.4.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from inconsistencies in the handling of...

CVE-2026-33259

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in DSC validation in the AMD display driver. This error allows bypassing irrelevant mode...

PT-2026-34323

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider...

PowerDNS Recursor（pdns_recursor） 资源管理错误漏洞

PowerDNS Recursor pdnsrecursor is a domain name resolution server developed by the Dutch company PowerDNS. PowerDNS Recursor has a resource management vulnerability; this vulnerability arises from multiple concurrent transmissions within the same RPZ, which can lead to inconsistent RPZ data, reus...

CVE-2025-31958

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

Sigstore Timestamp Authority 安全漏洞

Sigstore Timestamp Authority is an open-source RFC3161 timestamp authorization software developed by sigstore. Versions of Sigstore Timestamp Authority 2.0.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from issues with the VerifyTimestampResponse function, which...