15 matches found
CVE-2026-42559
A flaw was found in rmcp, the official Rust SDK for the Model Context Protocol. The Streamable HTTP server transport in rmcp failed to validate the incoming Host header, enabling a malicious public website to exploit this through a DNS rebinding attack. This allows the attacker to send...
CVE-2026-20717
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-101 (ALASKERNEL-5.15-2026-101)
The version of kernel installed on the remote host is prior to 5.15.202-142.235. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-101 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operati...
Important: kernel-livepatch-6.1.168-202.320
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. To mitigate this issue, we recommend that customers disable loading of the algif_aead module by running the following commands: echo "install algif_aead /bin/fals...
Important: kernel-livepatch-5.10.252-250.992
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. To mitigate this issue, we recommend that customers disable loading of the algif_aead module by running the following commands: echo "install algif_aead /bin/fals...
CVE-2025-10918
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allow a local authenticated attacker to write arbitrary files anywhere on disk...
PT-2025-46433
Name of the Vulnerable Software and Affected Versions: Intel QuickAssist Technology versions prior to 2.6.0 Description: A flaw exists in Intel QuickAssist Technology that, due to improper input validation within Ring 3 User Applications, could allow an attacker to escalate privileges. A system...
CVE-2025-60419
An issue was discovered in the NDIS Usermode IO driver RtkIOAC60.sys, version 6.0.5600.16348 allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial of service...
EUVD-2023-43157
Malicious code in bioql PyPI...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via uncontrolled recursion in the process. An attacker can cause a system crash or resource exhaustion by providing specially crafted input during local authenticated access. Remediation: A fix was pushed into the...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to python-requests
Summary: IBM Sterling Connect:Direct Web Service uses python-requests. python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. Vulnerability Details...
PT-2023-19688 · Dell · Dell Bios
Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to...
CVE-2018-19009
Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker wi...
Cisco Nexus 7000 Device Local Elevation of Privilege Vulnerability
The Cisco Nexus 7000 Series switches help create the network infrastructure platform needed for next-generation unified array data centers. Multiple elevation of privilege vulnerabilities exist in the Python scripting subsystem on Cisco Nexus 7000 devices configured with multiple VDCs, which can ...
A vulnerability in the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and availability of protected information.
A vulnerability in the KVM package of the SUSE Linux Enterprise operating system can lead to breaches of the confidentiality, integrity, and availability of protected information. Exploitation of this vulnerability can be carried out locally by a malicious individual who has completed the authenticatio...