
9962 matches found

CNVD
added 2026/04/20 12:00 a.m., 4 views

PraisonAI has an unspecified vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a security vulnerability that stems from the fact that the three-layer sandboxing of the executecode function can be completely bypassed, which can be exploited by an attacker to cause the execution of...

CVSS 10, AI score 5.9, EPSS 0.00707
Exploits: 1

Tenable Nessus
added 2026/04/20 12:00 a.m., 5 views

Debian dla-4537 : cgi-mapserver - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4537 advisory. Debian LTS Advisory DLA-4537-1 [email protected] https://www.debian.org/lts/security/...

CVSS 7.5, AI score 5.7, EPSS 0.00647
Exploits: 1, References: 4

OPENSUSE Linux
added 2026/04/20 12:00 a.m., 2 views

Security update for Botan (important)

openSUSE Security Update: Security update for Botan Announcement ID: openSUSE-SU-2026:0142-1 Rating: important References: 1261880 Cross-References: CVE-2026-34582 CVSS scores: CVE-2026-34582 SUSE: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Backports SLE-15-SP7 A...

CVSS 9.1, AI score 5.7, EPSS 0.00198
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/20 12:00 a.m., 2 views

Ubuntu Pro Realtime 22.04 LTS : Linux kernel (Real-time) vulnerabilities (USN-8186-1)

The remote Ubuntu Pro Realtime 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8186-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

CVSS 8.8, AI score 6.5, EPSS 0.0071
Exploits: 0, References: 82

Tenable Nessus
added 2026/04/20 12:00 a.m., 1 view

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-8187-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8187-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

CVSS 8.8, AI score 6.7, EPSS 0.0071
Exploits: 0, References: 81

Redos
added 2026/04/20 12:00 a.m., 4 views

ROS-20260420-73-0016

A vulnerability in the maxcertlist parameter of certificate compression in TLS 1.3 of the OpenSSL library is related to uncontrolled memory allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.9, AI score 6.7, EPSS 0.00403
Exploits: 1

FreeBSD
added 2026/04/19 12:00 a.m., 7 views

OpenVPN -- server DOS and data leak in TLS handshake vulnerabilities

Gert Doering reports: Security fixes in 2.7.2 fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances CVE-2026-40215 fix server termination on receiving a suitably malformed packet with a valid tls-crypt-v2 key...

CVSS 6.9, AI score 5.3, EPSS 0.00481
Exploits: 0, References: 1

Positive Technologies
added 2026/04/19 12:00 a.m., 9 views

PT-2026-33634

Name of the Vulnerable Software and Affected Versions UltraDAG version 0.1 Description A non-council attacker can submit a signed 'SmartOp::Vote' transaction that successfully passes signature, nonce, and balance prechecks. However, the authorization check fails only after state mutation has...

CVSS 8.8, AI score 5.2, EPSS 0.00376
Exploits: 1, References: 7

Snyk
added 2026/04/18 1:13 a.m., 2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the internal stream buffers SmtpStream, ImapStream, and Pop3Stream not being flushed during the STARTTLS upgrade process. An attacker c...

CVSS 7.1, AI score 5.8, EPSS 0.00223
Exploits: 1, References: 2

Tenable Nessus
added 2026/04/18 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypt...

CVSS 9.3, AI score 5.7, EPSS 0.00174
Exploits: 0, References: 3

RedhatCVE
added 2026/04/17 8:38 p.m., 2 views

CVE-2026-32105

A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. When using the "Classic RDP Security" layer, xrdp fails to verify the Message Authentication Code (MAC) signature of encrypted RDP packets. This oversight allows an unauthenticated attacker with man-in-the-middle (MITM)...

CVSS 9.3, AI score 5.7, EPSS 0.00174
Exploits: 0, References: 5

Cvelist
added 2026/04/17 7:27 p.m., 17 views

CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

CVSS 9.3, EPSS 0.00174
Exploits: 0, References: 2

EUVD
added 2026/04/17 7:27 p.m., 1 view

EUVD-2026-23472

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

CVSS 9.3, AI score 5.6, EPSS 0.00174
Exploits: 0, References: 2

Vulnrichment
added 2026/04/17 7:27 p.m., 3 views

CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

CVSS 9.3, AI score 5.6, EPSS 0.00174
Exploits: 0, References: 2

CVE
added 2026/04/17 7:27 p.m., 8 views

CVE-2026-32105

This CVE concerns xrdp, an open source RDP server. In versions up to 0.10.5, xrdp does not verify the MAC (8-byte integrity signature) of RDP packets when using the Classic RDP Security layer. The receiver’s logic fails to validate the MAC, allowing an unauthenticated attacker with MITM capabilit...

CVSS 9.3, AI score 5.6, EPSS 0.00174
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2026/04/17 7:27 p.m., 3 views

CVE-2026-32105

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

CVSS 9.3, AI score 5.3, EPSS 0.00174
Exploits: 0

Debian
added 2026/04/17 3:49 p.m., 4 views

[SECURITY] [DLA 4537-1] mapserver security update

Debian LTS Advisory DLA-4537-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin April 17, 2026 https://wiki.debian.org/LTS Package : mapserver Version : 7.6.2-1+deb11u2 CVE ID : CVE-2026-33721 A heap-buffer-overflow was found in mapserver, a CGI-based framework for...

CVSS 7.5, AI score 5.7, EPSS 0.00647
Exploits: 1

OSV
added 2026/04/17 10:28 a.m., 7 views

USN-8188-1 linux-hwe-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - Drivers core; - Bluetooth drivers; - DMA engine...

CVSS 8.8, AI score 6.9, EPSS 0.0071
Exploits: 5, References: 85

Ubuntu
added 2026/04/17 10:28 a.m., 13 views

USN-8188-1: Linux kernel (HWE) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - Drivers core; - Bluetooth drivers; - DMA engine...

CVSS 8.8, AI score 5.8, EPSS 0.0071
Exploits: 5

Ubuntu
added 2026/04/17 10:20 a.m., 9 views

USN-8187-1: Linux kernel (NVIDIA) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

CVSS 8.8, AI score 5.8, EPSS 0.0071
Exploits: 0