Lucene search
54739 matches found

RedhatCVE
added 2026/01/26 3:10 p.m. | 6 views

CVE-2026-22583

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement CloudPagesUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...

CVSS 9.8 | AI score 5.9 | EPSS 0.00659
Exploits 0 | References 1

RedhatCVE
added 2026/01/26 3:10 p.m. | 5 views

CVE-2026-22585

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud...

CVSS 9.8 | AI score 5.9 | EPSS 0.00383
Exploits 0 | References 1

RedhatCVE
added 2026/01/26 3:10 p.m. | 4 views

CVE-2026-22582

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement MicrositeUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...

CVSS 9.8 | AI score 5.9 | EPSS 0.00659
Exploits 0 | References 1

RedhatCVE
added 2026/01/26 3:10 p.m. | 11 views

CVE-2026-0776

Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVSS 7.3 | AI score 6.3 | EPSS 0.0036
Exploits 1 | References 1

OSV
added 2026/01/26 2:49 p.m. | 13 views

BIT-PYTHON-2025-15367 POP3 command injection in user-controlled commands

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

CVSS 5.9 | AI score 5.9 | EPSS 0.00315
Exploits 0 | References 5

OSV
added 2026/01/26 2:47 p.m. | 6 views

BIT-NODE-MIN-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

CVSS 7.1 | AI score 6.1 | EPSS 0.00978
Exploits 0 | References 2

OSV
added 2026/01/26 2:43 p.m. | 2 views

BIT-LIBPYTHON-2025-15367 POP3 command injection in user-controlled commands

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

CVSS 5.9 | AI score 5.9 | EPSS 0.00315
Exploits 0 | References 5

RedhatCVE
added 2026/01/26 1:28 p.m. | 8 views

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS 7 | AI score 6.3 | EPSS 0.00248
Exploits 0 | References 4

SUSE Linux
added 2026/01/26 11:11 a.m. | 4 views

Security update for openCryptoki

This update for openCryptoki fixes the following issues: CVE-2026-22791: Fixed supplying malformed compressed EC public key can lead to heap corruption or denial-of-service bsc1256673. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.9 | AI score 5.9 | EPSS 0.00237
Exploits 1 | References 4

Vulnrichment
added 2026/01/26 3:2 a.m. | 4 views

CVE-2026-1416 GPAC filedump.c DumpMovieInfo null pointer dereference

A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released...

CVSS 4.8 | AI score 5.5 | EPSS 0.00196
Exploits 1 | References 7

CNNVD
added 2026/01/26 12:0 a.m. | 6 views

Continuous Aangine security vulnerabilities

Continuous aangine is a data integration and analysis tool developed by the Irish company Continuous. Version 2025.2 of Continuous aangine contains a security vulnerability. This vulnerability stems from the possibility of sensitive information being leaked through endpoints of multiple modules,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00361
Exploits 0 | References 4

CNNVD
added 2026/01/26 12:0 a.m. | 5 views

Tanium Discover security vulnerabilities

Tanium Discover is an asset scanning module developed by the American company Tanium. Tanium Discover has a security vulnerability, which stems from uncontrolled resource consumption...

CVSS 6.5 | AI score 5.8 | EPSS 0.00348
Exploits 0 | References 1

CNNVD
added 2026/01/26 12:0 a.m. | 4 views

GPAC code-related vulnerabilities

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 2.4.0 have code vulnerabilities, which stem from a null pointer dereferencing in the file applications/mp4box/filedump.c...

CVSS 4.8 | AI score 5.8 | EPSS 0.00196
Exploits 1 | References 6

CNNVD
added 2026/01/26 12:0 a.m. | 4 views

Tanium Discover security vulnerabilities

Tanium Discover is an asset scanning module developed by the American company Tanium. Tanium Discover has a security vulnerability, which stems from improper input validation...

CVSS 4.9 | AI score 5.8 | EPSS 0.00387
Exploits 0 | References 1

Positive Technologies
added 2026/01/26 12:0 a.m. | 5 views

PT-2026-4773

Name of the Vulnerable Software and Affected Versions aangine version 2025.2 Description An issue allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, and portfolio-item-service dat...

CVSS 7.5 | AI score 5.9 | EPSS 0.00361
Exploits 0 | References 6

Redos
added 2026/01/26 12:0 a.m. | 3 views

ROS-20260126-73-0058

A vulnerability in the i2c-cros-ec-tunnel module of the Linux operating system kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 7.3 | EPSS 0.00164
Exploits 0

Redos
added 2026/01/26 12:0 a.m. | 6 views

ROS-20260126-73-0049

A vulnerability in the drm/amd/pm/smu11 component of the Linux operating system kernel is related to the lack of division by zero check. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 5.9 | EPSS 0.00161
Exploits 0

Redos
added 2026/01/26 12:0 a.m. | 6 views

ROS-20260126-73-0042

A vulnerability in the tlsmain.c component of the Linux operating system kernel is related to insufficient input data validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 7.2 | EPSS 0.00252
Exploits 0

ATTACKERKB
added 2026/01/26 12:0 a.m. | 5 views

CVE-2025-67274

An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints...

CVSS 7.5 | AI score 5.9 | EPSS 0.00361
Exploits 0 | References 4

Oracle linux
added 2026/01/26 12:0 a.m. | 10 views

kernel security update

6.12.0-124.29.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

CVSS 4.7 | AI score 5.9 | EPSS 0.00111
Exploits 0