Hitachi Energy MACH HiDraw

SUMMARY Hitachi Energy is aware of a buffer overflow vulnerability that affects MACH HiDraw product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages denial of service and...

HammerSim: A System-Level Tool to Model RowHammer

Modern architecture research relies on simulators to evaluate system security, yet analyzing emerging hardware vulnerabilities like RowHammer requires full-system visibility. As RowHammer vulnerabilities worsen with continuous technology scaling, existing simulators lack the system-level models...

PT-2026-43412

There is a mitigation bypass / incomplete fix for CVE-2025-62582 Unauthenticated Remote Database Access An unauthenticated remote attacker can access configured databases in a DIAView project...

Hitachi Energy ITT600 Explorer

SUMMARY Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out Denial of Service DoS attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600...

CVE-2026-28380

A flaw was found in Grafana. An authenticated user with editor privileges could exploit a Broken Access Control BAC vulnerability in the Snapshot API. This flaw allows an editor to delete any dashboard snapshot, even those they do not have explicit read or write access to, leading to unauthorized...

CVE-2026-8463

A flaw was found in Crypt::Argon2 for Perl. This vulnerability, a heap out-of-bounds read, occurs in the argon2verify function when processing an empty encoded input. An integer underflow causes the software to read beyond the allocated memory, which can lead to a denial of service DoS by crashin...

CVE-2026-5089

A flaw was found in perl-YAML-Syck. The base60 sexagesimal parsing code in perlsyck.h contains a buffer underflow vulnerability. When processing specially crafted colon-separated values, an attacker could cause the parser to read one byte before the allocated buffer. This out-of-bounds read may...

Exploit for CVE-2026-42945

ingress-nginx CVE-2026-42945 backport kit This repository doc...

Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models

Software-Defined Networking SDN provides flexible and programmable network management; however, its centralized control architecture remains highly vulnerable to Distributed Denial-of-Service DDoS attacks, particularly Carpet-Bombing DDoS attacks that distribute malicious traffic across multiple...

CLSA-2026-1779535502 unbound: Fix of CVE-2026-33278

CVE-2026-33278: possible remote code execution during DNSSEC validation via a dangling rrsets pointer in dnsmsgdeepcopyregion exposed by the backported KeyTrap mitigation...

CVE-2026-8962

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 / Copy Fail Checker 🔒 Linux kernel vulnerabili...

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

EUVD-2026-31499

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVE-2026-43001

A flaw was found in OpenStack Keystone. An attacker holding an unrestricted application credential could exploit a vulnerability in the POST /v3/credentials endpoint where the caller-supplied projectid for an EC2-type credential was not validated against the project of the authenticating...

CLSA-2026-1779461988 krb5: Fix of 3 CVEs

CVE-2024-3596: generate and verify Message-Authenticator MACs in libkrad to mitigate the BlastRADIUS attack on the RADIUS protocol; includes follow-up fix for uninitialized pointer dereference in kradpacketdecoderequest - CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap...

CVE-2026-43618

A flaw was found in rsync. An authenticated daemon peer can exploit an integer overflow vulnerability in the compressed-token decoder. By carefully manipulating the compressed-token, a malicious sender can trigger an overflow, leading to remote memory disclosure. This allows an attacker to leak...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Copy Fail Safe Check Read-only Linux safety check for CVE-2...