9992 matches found

Vulnrichment
added 2026/03/10 4:44 p.m., 1 view

CVE-2026-22627

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet...

CVSS 8.8, AI score 6.1, EPSS 0.00286
Exploits: 0, References: 1
Cvelist
added 2026/03/10 4:44 p.m., 27 views

CVE-2026-22627

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet...

CVSS 8.8, EPSS 0.00286
Exploits: 0, References: 1
OSV
added 2026/03/10 8:44 a.m., 2 views

BIT-GOLANG-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...

CVSS 5.9, AI score 5.8, EPSS 0.0035
Exploits: 0, References: 5
RedhatCVE
added 2026/03/10 8:10 a.m., 4 views

CVE-2026-3822

Taipower APP for Android developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows unauthenticated remote attackers to exploit the...

CVSS 8.3, AI score 5.9, EPSS 0.00152
Exploits: 0, References: 1
CNNVD
added 2026/03/10 12:0 a.m., 5 views

Fortinet FortiSwitchAXFixed security vulnerability

Fortinet FortiSwitchAXFixed is a network switch device developed by the American company Fortinet. There are security vulnerabilities in Fortinet FortiSwitchAXFixed versions 1.0.0 to 1.0.1. These vulnerabilities stem from buffer copying without checking the input size, which could allow...

CVSS 8.8, AI score 6.1, EPSS 0.00286
Exploits: 0, References: 1
CNNVD
added 2026/03/10 12:0 a.m., 4 views

Feathers security vulnerability

Feathers is a lightweight web framework developed by Feathers OpenSource. It is used to create APIs and real-time applications using TypeScript or JavaScript. There are security vulnerabilities in Feathers versions 5.0.0 to 5.0.42. These vulnerabilities stem from the lack of type checking ...

CVSS 9.8, AI score 5.8, EPSS 0.00461
Exploits: 0, References: 1
Positive Technologies
added 2026/03/10 12:0 a.m., 6 views

PT-2026-24240

Name of the Vulnerable Software and Affected Versions: FortiSwitchAXFixed versions 1.0.0 through 1.0.1. Description: A buffer copy issue exists where the size of the input is not checked, potentially allowing an unauthenticated attacker on the same network to execute code or commands on the device...

CVSS 8.8, AI score 6.2, EPSS 0.00286
Exploits: 0, References: 6
Redos
added 2026/03/10 12:0 a.m., 3 views

ROS-20260310-73-0011

A vulnerability in the Digital Credentials component of Google Chrome browser is related to incorrect restriction of visualized user interface layers. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information...

CVSS 5.4, AI score 5.8, EPSS 0.00168
Exploits: 0
AlmaLinux
added 2026/03/10 12:0 a.m., 8 views

Moderate: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642). For more details about the security issues,...

CVSS 8.2, AI score 5.8, EPSS 0.00339
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/10 12:0 a.m., 10 views

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2026-1256)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: If the value passed to os.path.expandvars is user-controlled, a performance degradation is possible when expanding environment...

CVSS 7.5, AI score 7, EPSS 0.01468
Exploits: 0, References: 7
AlmaLinux
added 2026/03/10 12:0 a.m., 3 views

Important: opentelemetry-collector security update

Collector with the supported components for an AlmaLinux build of OpenTelemetry. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726); crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121). For more details about the security issues,...

CVSS 10, AI score 5.8, EPSS 0.00765
Exploits: 1, References: 6
OSV
added 2026/03/09 5:42 p.m., 4 views

GHSA-Q5Q9-2RHP-33QW Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled

Impact: When graphQLPublicIntrospection is disabled, `__type` queries nested inside inline fragments (e.g. ... on Query typename:"User" name) bypass the introspection control, allowing unauthenticated users to perform type reconnaissance. schema introspection is not affected. Patches: The check was chang...

CVSS 6.9, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 3
Schneier on Security
added 2026/03/09 10:57 a.m., 6 views

New Attack Against Wi-Fi

It's called AirSnitch: Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service Set Identifiers). This cross-layer identity...

AI score 5.8
Exploits: 0
RedHat Linux
added 2026/03/09 1:52 a.m., 6 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

CVSS 10, AI score 6.5, EPSS 0.00765
Exploits: 1, References: 8
RedHat Linux
added 2026/03/09 1:52 a.m., 6 views

Important: Red Hat Security Advisory: golang-github-openprinting-ipp-usb security update

An update for golang-github-openprinting-ipp-usb is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 10, AI score 7.1, EPSS 0.00765
Exploits: 1, References: 3
CNNVD
added 2026/03/09 12:0 a.m., 2 views

vLLM code issue vulnerability

vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. vLLM version 0.17.0 contains a code vulnerability. This vulnerability stems from inconsistencies in URL parsing between the verification layer and the actual HTTP...

CVSS 9.8, AI score 5.9, EPSS 0.00437
Exploits: 1, References: 4
Packet Storm News
added 2026/03/09 12:0 a.m., 3 views

TLS 1.3 SNI Scanner

A command-line PHP vulnerability testing tool was developed to analyze TLS behavior through observation and logical reasoning, rather than relying on fixed rules or CVE numbers. The tool establishes multiple TLS connections to the same server and port using different SNI values. It then compares...

AI score 5.8
Exploits: 0
AlmaLinux
added 2026/03/09 12:0 a.m., 4 views

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)...

CVSS 10, AI score 5.8, EPSS 0.00765
Exploits: 1, References: 6
OSV
added 2026/03/08 12:0 p.m., 2 views

RUSTSEC-2026-0038 RustSec Advisory

Impact. Vulnerability Type: Improper Control of Generation of Code ('Code Injection', CWE-94) / Improper Check for Unusual or Exceptional Conditions (CWE-754) / Improper Input Validation (CWE-20) / Use of Low-Level Functionality (CWE-695) / Improper Privilege Management (CWE-269) / External Control of System...

CVSS 9.4, AI score 5.9, EPSS 0.0021
Exploits: 0, References: 3
Packet Storm News
added 2026/03/08 12:0 a.m., 1 view

VoiceSHIELD-Small: Real-Time Malicious Speech Detection and Transcription

Voice interfaces are quickly becoming a common way for people to interact with AI systems. This also brings new security risks, such as prompt injection, social engineering, and harmful voice commands. Traditional security methods rely on converting speech to text and then filtering that text,...

AI score 5.8
Exploits: 0