Moderate: Red Hat Security Advisory: nginx:1.26 security update

An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2026-27826

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

EUVD-2026-10514

A buffer copy without checking size of input 'classic buffer overflow' vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet...

EUVD-2026-10576

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose, txworkhandler can still be scheduled from paths such as the Delayed ACK handl...

GO-2026-4594 Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS) in github.com/traefik/traefik

Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes Slowloris DOS in github.com/traefik/traefik...

CVE-2026-23240

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose, txworkhandler can still be scheduled from paths such as the Delayed ACK handl...

CVE-2026-22627

A buffer copy without checking size of input 'classic buffer overflow' vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet...

UBUNTU-CVE-2026-23240

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose, txworkhandler can still be scheduled from paths such as the Delayed ACK handl...

CVE-2026-23240

In CVE-2026-23240, the Linux kernel fixed a race condition in TLS handling where cancel_delayed_work_sync() used during tls_sk_proto_close() could allow tls_sw_cancel_work_tx() to schedule tx_work_handler() after the TLS object was freed. The root cause involved potential scheduling from paths li...

CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose, txworkhandler can still be scheduled from paths such as the Delayed ACK handl...

CVE-2026-22627

A buffer copy without checking size of input 'classic buffer overflow' vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet...

CVE-2026-22627

A buffer copy without checking size of input 'classic buffer overflow' vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet...

BIT-GOLANG-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...

CVE-2026-3822

Taipower APP for Andorid developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows an unauthenticated remote attackers to exploit the...

Fortinet FortiSwitchAXFixed 安全漏洞

The Fortinet FortiSwitchAXFixed is a network switch device developed by the American company Fortinet. There were security vulnerabilities in the Fortinet FortiSwitchAXFixed version 1.0.0 to 1.0.1. These vulnerabilities stemmed from unchecked buffer copying of input sizes, which could allow...

Feathers 安全漏洞

Feathers is a lightweight web framework developed by Feathers OpenSource. It is used to create APIs and real-time applications using TypeScript or JavaScript. There were security vulnerabilities in versions of Feathers 5.0.0 to 5.0.42. These vulnerabilities stemmed from the lack of type checking ...

ROS-20260310-73-0011

A vulnerability in the Digital Credentials component of Google Chrome browser is related to incorrect restriction of visualized user interface layers. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information...

PT-2026-24240

Name of the Vulnerable Software and Affected Versions FortiSwitchAXFixed versions 1.0.0 through 1.0.1 Description A buffer copy issue exists where the size of the input is not checked, potentially allowing an unauthenticated attacker on the same network to execute code or commands on the device...

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2026-1256)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...

Moderate: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 For more details about the security issues,...