vulnerabilities found in Cisco Unity Connection

Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...

BIT-JRE-2026-34268

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

BIT-JRE-2026-22007

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

BIT-JRE-2024-21094

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...

BIT-JRE-2020-2590

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

FastGPT 访问控制错误漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models, developed by Labring. In versions 4.14.10 to 4.14.13 of FastGPT, there was an access control vulnerability. This vulnerability stemmed from the agent-sandbox component’s startup script using the...

Spying across Chiplets: Side-Channel Attacks in 2.5/3D Integrated Systems

Advanced packaging and chiplet-based integration are increasingly adopted to build complex heterogeneous systems beyond the limits of monolithic scaling. While these architectures offer major benefits in terms of modularity, yield, and performance, they also introduce new physical attack surfaces...

PT-2026-38826

Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

PT-2026-38808

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

PT-2026-38688

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

PT-2026-38784

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

CVE-2026-43581

OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration...

CVE-2026-7414

Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyon...

SUSE CVE-2026-43205

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate numifs to prevent out-of-bounds write The driver obtains swattr.numifs from firmware via dpswgetattributes but never validates it against DPSWMAXIF 64. This value controls iteration in...

SUSE CVE-2026-43239

In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in -queryinterfaces It was possible for two query interface works to be concurrently trying to update the interfaces. Prevent this by checking and updating ifacelastupdate under ifacelock...

Yarbo 信任管理问题漏洞

Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains a vulnerability related to trust management. This vulnerability stems from hard-coded administrator credentials, which could allow attackers who are aware of these...

Linux Distros Unpatched Vulnerability : CVE-2026-43205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dpaa2-switch: validate numifs to prevent out-of-bounds write The driver obtains swattr.numifs from firmware via dpswgetattributes but never validates it against...

Linux Distros Unpatched Vulnerability : CVE-2026-42503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit ho...

CVE-2026-43239

A flaw was found in the Linux kernel's Server Message Block SMB client. A race condition exists where multiple operations attempting to update network interfaces could execute simultaneously. This concurrency issue could lead to an inconsistent state within the SMB client, potentially causing...

@jupyter-notebook/application (>=7.2.0 <=7.4.7), @jupyterlite/application (>=0.4.0 <=0.6.4) +4 more potentially affected by CVE-2026-42557 via @jupyterlab/rendermime-interfaces (>=3.10.7 <=3.12.10)

@jupyterlab/rendermime-interfaces NPM version =3.10.7, =7.2.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.1.1, =0.2.2 Source cves: CVE-2026-42557 Source advisory: SNYK:JS-JUPYTERLABRENDERMIMEINTERFACES-16438959...