PT-2026-42755

Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.1 Apache CXF versions prior to 4.1.6 Apache CXF versions prior to 3.6.11 Description An LDAP injection issue exists in the LDAP Certificate repository of the XKMS server. This allows an attacker to retrieve...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iio: light: Added a check for array bounds in veml6075readinttimems. The array contains only 5 elements, but the index calculated by veml6075readinttimeindex can range from 0 to 7, which could lead to out-of-bounds access. The...

SUSE CVE-2026-43355

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pmruntimeputautosuspend before the error check to ensure the PM runtime reference count is always decremented after pmruntimegetsync, regardless of whether the read...

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

PT-2026-39653

Name of the Vulnerable Software and Affected Versions D-Link DCS-932L version 2.18.01 Description Command Injection is possible in the sub 42EF14 function within the /bin/alphapd file. This occurs through the manipulation of the LightSensorControl argument. Recommendations At the moment, there is...

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

D-Link DCS-932L 安全漏洞

The D-Link DCS-932L is a network surveillance camera from D-Link Corporation. It is used for security and monitoring purposes. The D-Link DCS-932L version 2.18.01 has a security vulnerability. This vulnerability stems from improper handling of the parameter LightSensorControl by the function...

CVE-2026-43355

A flaw was found in the Linux kernel's bh1780 light sensor driver. This vulnerability occurs due to a Power Management PM runtime leak, where the system's reference count for power management is not always properly decremented. An attacker could exploit this by repeatedly triggering the error pat...

CVE-2026-43355

CVE-2026-43355 affects the Linux kernel bh1780 light sensor driver (iio: light). The root cause is a PM runtime reference-count leak: pm_runtime_put_autosuspend() was not guaranteed to run after pm_runtime_get_sync() if the read operation failed. The fixed response moves the autosuspend call befo...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device The dev pointer that is received as an argument in the inilluminanceperiodavailableshow function references the device embedded in the IIO device, not in the i2c...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The “buffer” local array is used to push data to user space from a triggered buffer. However, it does not set an initial value for the single data element, which is a...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it...

[SECURITY] Fedora 44 Update: knighttime-6.6.4-1.fc44

Helpers for scheduling the dark-light cycle...

WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Redsys for WooCommerce Light versions = 7.0.0...

GHSA-8FFJ-4HX4-9PGF lightrag-hku: JWT Algorithm Confusion Vulnerability

Summary The LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none' algorithm, a crafted token without a signature will be accepted as valid,...

lightrag-hku: JWT Algorithm Confusion Vulnerability

Summary The LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none' algorithm, a crafted token without a signature will be accepted as valid,...

SentinelSphere: Integrating AI-Powered Real-Time Threat Detection with Cybersecurity Awareness Training

The field of cybersecurity is confronted with two interrelated challenges: a worldwide deficit of qualified practitioners and ongoing human-factor weaknesses that account for the bulk of security incidents. To tackle these issues, we present SentinelSphere, a platform driven by artificial...

Technostrobe HI-LED-WR120-G2 访问控制错误漏洞

Technostrobe HI-LED-WR120-G2 is a high-brightness industrial strobe lighting device from the Canadian company Technostrobe. The version 5.5.0.1R6.03.30 of Technostrobe HI-LED-WR120-G2 contains an access control vulnerability. This vulnerability stems from incorrect handling of parameters in the /...

[SECURITY] Fedora 43 Update: domoticz-2026.1-1.fc43

Domoticz is a Home Automation System that lets you monitor and configure vari ous devices like: Lights, Switches, various sensors/meters like Temperature, Rain, Wind, UV, Electra, Gas, Water and much more. Notifications/Alerts can be sent to any mobile device...