ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

CVE-2026-47155

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. The revision pinning controls in vLLM do not consistently apply to all artifacts loaded for a model. This allows a deployment configured with specific revisions to still load dynamic code or other...

CVE-2026-48934

A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security TLS host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

EUVD-2026-39474

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

CVE-2026-10521

An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability...

Astra Linux – Vulnerability in grub2

A flaw was discovered in the HFS filesystem. When reading the name of an HFS volume during the grubfsmount function, the HFS filesystem driver uses the user-provided volume name as input without properly verifying the length of that name. This issue may lead to a heap-based out-of-bounds write...

Astra Linux – Vulnerability in linux-astra-modules-5.10, linux-astra-modules-5.15, linux-astra-modules-6.1

The vulnerability of Linux Astra Modules relates to errors during thread blocking. Exploiting this vulnerability allows an attacker to compromise data integrity and also cause service failures through the use of a specially created file system...

Astra Linux – Vulnerability in cups

The vulnerability of the copystack function in the CUPS printing server relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The option parser allows an attacker to overwrite a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The greatest threat from this vulnerability is to data confidentiality and...

Astra Linux – Vulnerability in dpdk

NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly. This vulnerability can allow a remote attacker to cause denial of service, as well as affect data integrity and confidentiality...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability include Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0....

Astra Linux – Vulnerability in grub2

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory use-after-free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...

Astra Linux – Vulnerability in edk2

EDK2 contains a vulnerability in the HashPeImageByType function. A user can cause an out-of-bounds read when a corrupted data pointer and length are sent via an adjacent network. Successful exploitation of this vulnerability may result in a loss of integrity and/or availability...

PT-2026-51093

Name of the Vulnerable Software and Affected Versions UltraJSON versions prior to 5.13.0 Description The functions ujson.dumps, ujson.dump, and ujson.encode contain an issue when the reject bytes variable is set to False. In this configuration, the software may accept malformed or truncated UTF-8...

EUVD-2026-37645

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

CVE-2026-10836

The CVE-2026-10836 entry concerns a vulnerability in Password Manager where improper neutralization of HTTP headers allows an attacker to manipulate the Host header via crafted requests. This can lead to generation of manipulated links or responses and potentially cause limited information disclo...

openssl: AES-OCB IV Ignored on EVP_Cipher() Path

A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface EVPCipher will have their provided Initialization Vector IV silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the...

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

CVE-2024-21944

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...