CVE-2026-4542

CVE-2026-4542 affects SSCMS 4.7.0, specifically the LayerImage Endpoint’s LayerImageController.Submit.cs handling of the filePaths argument. The root cause is manipulation of filePaths leading to path traversal. Attack can be performed remotely; exploit maturity is PROOF-OF-CONCEPT. CVSS metrics ...

CVE-2026-4542 SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal

A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has...

SUSE CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in multiple functions in the gRPC API layer, including MemberList and Compact. An attacker can gain unauthorized access to sensitive cluster operations and information, such as viewing cluster topology, disrupting...

CVE-2026-3230

A flaw was found in wolfSSL. A remote attacker could exploit a missing cryptographic step in the Transport Layer Security TLS 1.3 client HelloRetryRequest handshake logic. By sending a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension, an...

OESA-2026-1640 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.1, when a cpp-httplib client uses the...

CVE-2026-4434

CVE-2026-4434: Improper certificate validation in PAM propagation WinRM connections enables a network attacker to perform a man-in-the-middle attack when TLS certificate verification is disabled. Documented across multiple feeds (Red Hat, EUVD, NVD, etc.) with a high impact concern (CVSS 8.1). Af...

CVE-2026-4434

Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...

SUSE CVE-2025-59353

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager's Certificate gRPC service does not...

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT serve...

CVE-2026-32941 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

CVE-2026-32941 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

Channel Prediction-Based Physical Layer Authentication under Consecutive Spoofing Attacks

Wireless networks are highly vulnerable to spoofing attacks, especially when attackers transmit consecutive spoofing packets. Conventional physical layer authentication PLA methods have mostly focused on single-packet spoofing attack. However, under consecutive spoofing attacks, they become...

PT-2026-26677

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic parameter set::set derived values. This issue has been patched in version 1.0.17...

Linux Distros Unpatched Vulnerability : CVE-2026-3549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing...

Linux Distros Unpatched Vulnerability : CVE-2026-3230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to an integer underflow in the ECH extension parsing logic when calculating a buffer length, leading to writing beyond the bounds of an allocated buffer. An attacker can cause memory corruption or...

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step due to missing validation in the keyshare process during the TLS 1.3 HelloRetryRequest handshake. An attacker can compromise the confidentiality of encrypted communications by sending a crafted HelloRetryReque...

EUVD-2026-13166

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVEALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...