
43 matches found

Github Security Blog
added 2026/05/13 3:33 p.m. · 5 views

Anchor: `InterfaceAccount` allows account substitution between unexpected types

Impact: Any use of `InterfaceAccount` allows another unexpected account type to be passed, after https://github.com/solana-foundation/anchor/pull/3837 disabled discriminator checking for this type. The bug was originally reported and fixed in https://github.com/solana-foundation/anchor/pull/4139, s...

AI score 5.8
Exploits: 0 · References: 7 · Affected Software: 1

Fedora
added 2026/05/03 1:18 a.m. · 17 views

[SECURITY] Fedora 43 Update: insight-18.0.50.20260306-3.fc43

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

CVSS 7.8 · AI score 5.8 · EPSS 0.00008
Exploits: 0

ATTACKERKB
added 2026/04/16 5:11 a.m. · 2 views

CVE-2026-22618

A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...

CVSS 5.9 · AI score 5.7 · EPSS 0.00012
Exploits: 0 · References: 2

Positive Technologies
added 2026/03/28 12:0 a.m. · 4 views

PT-2026-28789

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms image proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the sche...

CVSS 4 · AI score 5.8 · EPSS 0.00058
Exploits: 1 · References: 6

RedHat Linux
added 2026/03/24 10:0 a.m. · 27 views

Important: Red Hat Security Advisory: Red Hat Ceph Storage

A new version of Red Hat build of Ceph Storage has been released. The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1. This release updates to the latest version...

CVSS 8.4 · AI score 6.8 · EPSS 0.0017
Exploits: 7 · References: 16

NVD
added 2026/03/10 6:18 p.m. · 1 views

CVE-2026-22614

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

CVSS 6.1 · EPSS 0.0001
Exploits: 0 · References: 1

RedHat Linux
added 2026/02/16 12:56 p.m. · 4 views

Important: Red Hat Security Advisory: Red Hat Ceph Storage

A new version of Red Hat build of Ceph Storage has been released. The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1. This release updates to the latest version...

CVSS 9.4 · AI score 7 · EPSS 0.01452
Exploits: 7 · References: 20

Positive Technologies
added 2026/02/12 12:0 a.m. · 3 views

PT-2026-7862

Name of the Vulnerable Software and Affected Versions: BrightSign players versions prior to 8.5.53.1 series 4; BrightSign players versions prior to 9.0.166 series 5. Description: BrightSign players utilize a default password that can be easily guessed if device information is known. This allows...

CVSS 8.6 · AI score 5.4 · EPSS 0.00017
Exploits: 0 · References: 7

Nvidia
added 2025/12/02 12:0 a.m. · 4 views

Security Bulletin: NVIDIA Triton Inference Server - December 2025

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...

CVSS 7.5 · AI score 6.9 · EPSS 0.00113
Exploits: 0 · Affected Software: 1

Veracode
added 2025/10/22 3:18 a.m. · 6 views

Malware Injection

prebid-universal-creative is vulnerable to malware injection. The vulnerability is due to the inclusion of crypto-related malicious code and the latest release, which allows an attacker to execute unauthorized cryptocurrency-related operations on affected systems...

CVSS 9.3 · AI score 7.5 · EPSS 0.00116
Exploits: 0 · References: 4 · Affected Software: 1

Nvidia
added 2025/09/23 12:0 a.m. · 5 views

Security Bulletin: NVIDIA CUDA Toolkit - September 2025

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install the latest release from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security...

CVSS 7.8 · AI score 7 · EPSS 0.00032
Exploits: 1 · Affected Software: 2

Amazon
added 2025/06/10 12:0 a.m. · 3 views

Medium: cuda-compiler-12-9

Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...

CVSS 7.8 · AI score 8 · EPSS 0.00072
Exploits: 1

IBM Security Bulletins
added 2025/03/26 3:53 a.m. · 30 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary: IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

CVSS 7.5 · AI score 9.3 · EPSS 0.04395
Exploits: 3 · Affected Software: 1

Github Security Blog
added 2025/02/14 5:31 p.m. · 7 views

Fyrox has unsound usages of `Vec::from_raw_parts`

The library provides a public safe API, `transmute_vec_as_bytes`, which incorrectly assumes that any generic type T could have a stable layout, leading to uninitialized memory exposure if users pass any type with padding bytes as T and cast it to a u8 pointer. In the issue, we develop a PoC to show...

AI score 7
Exploits: 0 · References: 5 · Affected Software: 1

Sick AG
added 2024/12/06 12:0 a.m. · 6 views

Critical vulnerabilities in SICK InspectorP61x, InspectorP62x and TiM3xx

Multiple critical vulnerabilities were found in the SICK products InspectorP61x, InspectorP62x and TiM3xx. If exploited, this potentially allows an attacker to impact availability, integrity and confidentiality of the products. It is strongly recommended to upgrade the InspectorP61x, InspectorP62...

CVSS 9 · AI score 6.7 · EPSS 0.09669
Exploits: 0

Cvelist
added 2024/11/11 7:17 p.m. · 30 views

CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...

CVSS 4.1 · EPSS 0.00108
Exploits: 0 · References: 1

Positive Technologies
added 2024/10/11 12:0 a.m. · 2 views

PT-2024-31606 · Picotls · Picotls

Name of the Vulnerable Software and Affected Versions: Picotls versions prior to the latest release Description: The issue arises when parsing a spoofed TLS handshake message, causing picotls to attempt to free the same memory twice. This double free occurs during the disposal of multiple objects...

CVSS 9.8 · AI score 7.8 · EPSS 0.00695
Exploits: 0 · References: 11

Positive Technologies
added 2024/10/09 12:0 a.m. · 3 views

PT-2024-31952 · Sparkshop · Sparkshop

Name of the Vulnerable Software and Affected Versions: Sparkshop version 1.16 Description: A loophole in the payment logic of Sparkshop allows attackers to arbitrarily modify the number of products. This is a high-severity issue that affects multiple versions of Sparkshop. Users are urged to...

CVSS 7.5 · AI score 6.9 · EPSS 0.0031
Exploits: 1 · References: 11

Positive Technologies
added 2024/09/26 12:0 a.m. · 3 views

PT-2024-30298 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin affected versions not specified Description: The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable t...

CVSS 6.5 · AI score 6.8 · EPSS 0.00043
Exploits: 0 · References: 6

SUSE CVE
added 2024/09/10 3:10 a.m. · 1 views

SUSE CVE-2024-25584

Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest...

CVSS 5.3 · AI score 6.9 · EPSS 0.00095
Exploits: 0 · References: 3