PT-2026-37625

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 OpenSSL 3.x Description An inappropriate implementation in Tint within Google Chrome allows a remote attacker to potentially perform a sandbox escape using a crafted HTML page. In OpenSSL, a...

RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift kube-apiserver (RHSA-2019:2989)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2989 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - containers/image: not...

PT-2026-37390

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An overflow occurs in the 16-bit UDP length field when processing oversized PPPoL2TP packets with UDP encapsulation. The l2tp xmit core function fails to check for overflows during the...

PT-2026-37437

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name. For example, if the...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from l2tp’s failure to check for UDP length field overflows during UDP encapsulation. This could lead to the...

HCL DFXAnalytics 安全漏洞

HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a security vulnerability, which stems from insufficient transport layer protection. Data is transmitted over the network without encryption, allowing attackers to...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of card disconnection checkpoints added to the ALSA OSS mixer layer. This vulnerability...

PT-2026-37440

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

PT-2026-37926

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker...

PT-2026-37719

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker...

PT-2026-37722

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

PT-2026-37924

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

PT-2026-37962

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

Linux Distros Unpatched Vulnerability : CVE-2026-43080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists i...

ALSA-2026:14200 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282...

CVE-2026-39852 Quarkus authorization bypass via semicolon path normalization inconsistency

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...

CVE-2026-39852 Quarkus authorization bypass via semicolon path normalization inconsistency

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...

EUVD-2026-27145

Boundary Community Edition and Boundary Enterprise “Boundary” workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate...

Linux Distros Unpatched Vulnerability : CVE-2026-43062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix type confusion in l2capecredreconfrsp l2capecredreconfrsp casts the incoming data to struct l2capecredconnrsp the ECRED connection respons...

Quarkus 安全漏洞

Quarkus is an open-source cloud-native Linux framework for writing Java applications. Quarkus has a security vulnerability that stems from inconsistent path normalization between the security layer and the routing layer. This vulnerability allows unauthenticated or low-privilege users to bypass...