217448 matches found
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...
CVE-2026-56740
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables in TelnetIO.java:1127-1180...
CVE-2026-56741
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS in TelnetIO.java:856-879 reads client-supplied...
CVE-2026-54159
PrestaShop psfacetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the psfacetedsearch module rebuilds selected search filters from the request URL, and the value of a slider filter, price or weight, is taken from the URL without sufficient validation and stored ...
CVE-2026-56740 JLine: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables in TelnetIO.java:1127-1180...
CVE-2026-56740
JLine3 Telnet server remote-telnet module in JLine prior to versions 3.30.14, 4.0.16, and 4.2.1 does not limit the number of environment variables injected via Telnet NEW-ENVIRON. TelnetIO.readNEVariables() stores each variable pair in a HashMap within ConnectionData (lines 1127-1180), allowing a...
CVE-2026-56740
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables in TelnetIO.java:1127-1180...
EUVD-2026-45343
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables in TelnetIO.java:1127-1180...
CVE-2026-56741 JLine: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS in TelnetIO.java:856-879 reads client-supplied...
CVE-2026-56741
JLine3 Telnet server's remote-telnet module did not bound NAWS-terminal dimensions, reading width/height as 16-bit values and passing 65535x65535 to setTerminalGeometry. This allowed an unauthenticated remote attacker to induce repeated heavy rendering, causing CPU exhaustion Denial of Service. A...
EUVD-2026-45342
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS in TelnetIO.java:856-879 reads client-supplied...
CVE-2026-56741
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS in TelnetIO.java:856-879 reads client-supplied...
CVE-2026-54159
CVE-2026-54159 affects PrestaShop ps_facetedsearch module versions 3.0.0 through 4.0.3. The root cause is trusting the value of slider filters (price/weight) from the request URL, storing it in an internal cache, and deserializing it with PHP’s native unserialize(), enabling a crafted object inje...
CVE-2026-54159 ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE
PrestaShop psfacetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the psfacetedsearch module rebuilds selected search filters from the request URL, and the value of a slider filter, price or weight, is taken from the URL without sufficient validation and stored ...
CVE-2026-54159
PrestaShop psfacetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the psfacetedsearch module rebuilds selected search filters from the request URL, and the value of a slider filter, price or weight, is taken from the URL without sufficient validation and stored ...
EUVD-2026-45327
PrestaShop psfacetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the psfacetedsearch module rebuilds selected search filters from the request URL, and the value of a slider filter, price or weight, is taken from the URL without sufficient validation and stored ...
Metasploit Wrap Up: An HTTP to SMB relay plus Payload Improvements
Metasploit Wrap Up Housekeeping While the Metasploit Framework will be continuing its weekly release cadence, bringing you dear reader our latest content, the Weekly Wrap Up is being shifted to a bi-weekly cadence. The team is planning to use the additional time between posts to record demos of...
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog aka APT-Q-27, Dragon Breath, and Miuuti Group, a...
Security update for python-dulwich
This update for python-dulwich fixes the following issue CVE-2026-47734: Unbounded memory allocation in receive-pack from crafted thin packs bsc1268138. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for vorbis-tools
This update for vorbis-tools fixes the following issue CVE-2026-34253: buffer underflow in the ogg123 utility in function remotethread of remote.c bsc1265361. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...