Lucene search

11955 matches found

Redos
added 2026/04/20 12:0 a.m. | 3 views

ROS-20260420-73-0033

A vulnerability in Incus container management system and virtual machine manager is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate privileges...

CVSS 8.6 | AI score 5.7 | EPSS 0.00145
Exploits: 1
GithubExploit
added 2026/04/19 7:34 a.m. | 101 views

GRC-demo-poc-oscal

GRC-OSCAL — continuous compliance, demonstrated A working pro...

AI score 5.8
Exploits: 0
OSV
added 2026/04/18 9:0 p.m. | 1 view

MINI-M2M4-H633-XWC2

Bulletin has no description...

CVSS 7.1 | AI score 5.6 | EPSS 0.00261
Exploits: 0
RedhatCVE
added 2026/04/18 7:22 a.m. | 3 views

CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

CVSS 9.1 | AI score 6.5 | EPSS 0.0081
Exploits: 0 | References: 1
CNNVD
added 2026/04/18 12:0 a.m. | 7 views

SP1 Security Vulnerability

SP1 is an open-source zero-knowledge virtual machine developed by Succinct. Versions 6.0.0 to 6.0.2 of SP1 contain security vulnerabilities. These vulnerabilities stem from defects in the recursive sharding verifier, which could allow malicious provers to construct invalid proofs...

CVSS 8.9 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 2
CVE
added 2026/04/17 10:58 p.m. | 14 views

CVE-2026-40323

SP1 (zero‑knowledge VM) has a soundness vulnerability in the V6 recursive shard verifier affecting versions 6.0.0–6.0.2, allowing a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. The issue is fixed in version 6.1.0. Impact is described as...

CVSS 8.9 | AI score 5.9 | EPSS 0.00195
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/04/17 12:59 p.m. | 7 views

OESA-2026-1914 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is...

CVSS 6.7 | AI score 6 | EPSS 0.00142
Exploits: 0 | References: 3
OSV
added 2026/04/17 12:59 p.m. | 5 views

OESA-2026-1911 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is...

CVSS 6.7 | AI score 6 | EPSS 0.00142
Exploits: 0 | References: 3
OSV
added 2026/04/17 12:59 p.m. | 4 views

OESA-2026-1910 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is...

CVSS 6.7 | AI score 6 | EPSS 0.00142
Exploits: 0 | References: 3
Packet Storm News
added 2026/04/17 12:0 a.m. | 4 views

Eclipse Che Machine-Exec WebSocket Service Exposure Detector

This Python script is a lightweight security detection tool designed to identify potentially exposed or misconfigured machine-exec WebSocket services associated with Eclipse Che running on port 3333...

AI score 5.8
Exploits: 0
Tenable Nessus
added 2026/04/17 12:0 a.m. | 5 views

SUSE SLES15 Security Update : ovmf (SUSE-SU-2026:1413-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1413-1 advisory. This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error...

CVSS 5.3 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m. | 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007392)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007392 advisory. In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy run-time warning in dg_dispatch_as_host Syzkaller hit 'WARNING in dg_dispatch_as_host...

CVSS 5.5 | AI score 6.4 | EPSS 0.00232
Exploits: 0 | References: 4
SUSE CVE
added 2026/04/16 11:28 p.m. | 2 views

SUSE CVE-2026-34244

Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

CVSS 5 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 3
Github Security Blog
added 2026/04/16 9:28 p.m. | 3 views

Home Assistant Command-line Interface: Handling of user-supplied Jinja2 templates

Impact: Up to 1.0.0 of home-assistant-cli (or hass-cli for short), an unrestricted environment was used to handle Jinja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and...

CVSS 5.6 | AI score 6.3 | EPSS 0.00103
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2026/04/16 8:43 p.m. | 1 view

EUVD-2026-23004

Weblate: SSRF via Project-Level Machinery Configuration...

CVSS 5 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 4
Github Security Blog
added 2026/04/16 8:43 p.m. | 4 views

Weblate: SSRF via Project-Level Machinery Configuration

Impact: A user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate makes an HTTP request to the attacker-controlled URL and reflec...

CVSS 5 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2026/04/16 4:16 p.m. | 4 views

CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

CVSS 9.1 | EPSS 0.0081
Exploits: 0 | References: 3
CVE
added 2026/04/16 3:18 p.m. | 58 views

CVE-2026-5426

CVE-2026-5426 affects Digital Knowledge KnowledgeDeliver prior to Feb 24, 2026, due to a hard-coded ASP.NET/IIS machineKey in web.config. This flaw enables unauthenticated attackers to bypass ViewState validation and achieve remote code execution via crafted ViewState deserialization. In observed...

CVSS 9.1 | AI score 6.4 | EPSS 0.0081
In wild | Exploits: 0 | References: 3
Cvelist
added 2026/04/16 1:53 a.m. | 23 views

CVE-2026-6348 Simopro Technology|WinMatrix - Missing Authentication

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed...

CVSS 9.3 | EPSS 0.0018
Exploits: 0 | References: 2
CVE
added 2026/04/16 1:53 a.m. | 9 views

CVE-2026-6348

WinMatrix agent by Simopro Technology is affected by a Missing Authentication vulnerability. The CVE-2026-6348 issue allows authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine and on all hosts in the environment where the agent is installed. Credent...

CVSS 9.3 | AI score 6.2 | EPSS 0.0018
Exploits: 0 | References: 2