EUVD-2026-31871

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

CVE-2026-48901

The CVE-2026-48901 entry concerns Joomla! Core: the InputFilter::getInstance() method omits a security‑sensitive parameter from the instance cache key, enabling an issue in cache key construction. Affected component is the InputFilter object (core). The published metrics indicate a high impact on...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2022-3219 DESCRIPTION: GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached,...

Astra Linux - уязвимость в ceph

A key length flaw was discovered in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed during the encryption algorithm process, resulting in the creation of a non-random key. Such a key is weaker and can be exploited to compromise the confidentiality...

RHEL 10 : p11-kit (RHSA-2026:18143)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18143 advisory. The p11-kit packages provide a mechanism to manage PKCS11 modules. The p11-kit-trust subpackage includes a PKCS11 trust module that provides...

RHEL 9 : openssl (RHSA-2026:19218)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19218 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

UBUNTU-CVE-2026-44699

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

Security Bulletin: Multiple Vulnerabilities in watsonx.data

Summary Multiple vulnerabilities were addressed in watsonx.data 2.3.1 patch 2 version, which was present in different version from watson.data 2.2.2 to watsonx.dat 2.3.1 Patch 2 Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose cryptographic...

OpenFGA 安全漏洞

OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.14.1 contained a security vulnerability. This vulnerability arises from the use of cache conditions in certain scenarios, which may lead to two different chec...

GHSA-M983-V2FF-WQ65 LiveQuery protected field leak via shared mutable state across concurrent subscribers

Impact When multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects. The sensitive data filter modifies these shared objects in-place, so when one subscriber's filter removes a protected field, subsequent...

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.7 Vulnerability Details CVEID:CVE-2025-12818 DESCRIPTION: Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an...

Exploit for CVE-2026-26335

👤 Author Mohammed Idrees Banyamer Security Researcher...

CVE-2026-24044

Element Server Suite Community Edition ESS Community deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...

MiracleLinux 7 : nss-softokn-3.44.0-8.el7, nss-util-3.44.0-4.el7, nss-3.44.0-7.el7 (AXSA:2019-4421:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4421:01 advisory. nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSCEncryptUpdate CVE-2019-11745 nss: Empty or malformed...

CVE-2025-68703

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sumpassphrase. Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

OPENSUSE-SU-2025:20113-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with same cache key when auth cache was enabled bsc1252839 - Changes - auth: Remove proxyalways field. - config: Change settings history parsing to use python3. - doveadm: Print...

EUVD-2019-2155

Malware in sbrugna...

EUVD-2015-0008

Malware in sbrugna...

EUVD-2005-3997

Malware in sbrugna...