CVE-2026-42312

pyload-ng contains a vulnerability (CVE-2026-42312) where a non-admin user with SETTINGS permission can disable TLS peer/hostname verification by setting general.ssl_verify off. The root cause is that the option is not in the ADMIN_ONLY_CORE_OPTIONS allowlist, so set_config_value() writes are all...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries

Summary PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. Details This issue affec...

USN-8180-6 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

USN-8180-6: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

USN-8265-1 linux-nvidia-tegra vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVE-2026-1677

Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...

CVE-2026-1677 net: TLS 1.2 connections allowed on TLS 1.3 sockets

Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...

CVE-2026-1677

CVE-2026-1677 concerns Zephyr: sockets created with IPPROTO_TLS_1_3 may still negotiate TLS 1.2 when both TLS versions are enabled, because socket‑level protocol selection isn’t propagated to mbedTLS (e.g., via mbedtls_ssl_conf_min_tls_version). The ClientHello can advertise both TLS 1.2 and TLS ...

EUVD-2026-29033

Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...

CVE-2026-1677 net: TLS 1.2 connections allowed on TLS 1.3 sockets

Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...

Unity Linux 20.1070e Security Update: SDL2 (UTSA-2026-017801)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017801 advisory. SDL Simple DirectMedia Layer through 2.0.12 has a heap-based buffer over-read in Blit3or4to3or4inversedrgb in video/SDLblitN.c via a crafted .BMP file. Tenable has...

📄 strongSwan 4.5.0 EAP-TTLS Integer Underflow

This Metasploit auxiliary module is designed to detect a vulnerability in strongSwan's EAP-TTLS implementation, identified as CVE-2026-25075. The issue is related to an integer underflow in the handling of AVP Attribute-Value Pair length fields during IKE-related UDP communication...

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which stems from the use of sockets created with IPPROTOTLS13. When both TLS versions are enabled, TLS 1.2 can still be negotiated, as the protocol selection at the...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from security bypasses in the proxy’s config.patch and config.apply endpoints, which failed to protect...

Unity Linux 20.1070e Security Update: SDL2 (UTSA-2026-017800)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017800 advisory. SDL Simple DirectMedia Layer through 2.0.12 has an Integer Overflow and resultant SDLmemcpy heap corruption in SDLBlitCopy in video/SDLblitcopy.c via a crafted .BMP...

Linux Distros Unpatched Vulnerability : CVE-2025-65502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Null pointer dereference in addcacerts in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where...

Unity Linux 20.1070e Security Update: postgresql (UTSA-2026-017787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017787 advisory. A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. Tenable ha...

SUSE CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...