Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

CVE-2026-22853

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...

CVE-2026-22855

CVE-2026-22855 affects FreeRDP prior to version 3.20.1, where a heap-out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. The vulnerability is fixed in FreeRDP 3.20.1. Impact per available data includes high confidentiality/availabi...

PT-2026-2935

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.20.1 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A heap out-of-bounds read occurs in the smartcard SetAttrib path when the cbAttrLen variable does not match the actual NDR buffer...

CVE-2018-25145 Microhard Systems IPn4G 1.1.0 Configuration Disclosure via Authenticated Download

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/mcli/', and '/tmp' to access syst...

Nozomi Networks Guardian 跨站脚本漏洞

Nozomi Networks Guardian is a protection software from Nozomi Networks, Inc. Nozomi Networks Guardian suffers from a cross-site scripting vulnerability that stems from improper validation of network traffic data, which could lead to HTML injection attacks...

kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

CVE-2025-66624

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...

CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...

EUVD-2025-201496

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...

nfstream 6.5.4

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python...

CVE-2025-13160

IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network...

CVE-2025-13160 IQ Service International｜IQ-Support - Exposure of Sensitive Information

IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network...

CVE-2025-13160

Technical details are not publicly available in the provided documents. Monitor for updates.

PT-2025-46938

Name of the Vulnerable Software and Affected Versions IQ-Support affected versions not specified Description IQ-Support, developed by IQ Service International, has an issue that allows unauthenticated remote attackers to access specific APIs and obtain sensitive information from the internal...

CVE-2025-42940

CVE-2025-42940 affects SAP CommonCryptoLib. The issue is boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network, leading to memory corruption and an application crash. Impact is high on availability, with no confidentiality or integrity impact stated. Connect...

EUVD-2025-35892

An issue was discovered in the NDIS Usermode IO driver RtkIOAC60.sys, version 6.0.5600.16348 allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial of service...

SonicWall Says All Firewall Backups Were Accessed by Hackers

SonicWall has confirmed that attackers accessed cloud backup configuration files for all customers using its backup service exposing encrypted credentials and network configurations...

EUVD-2014-8356

Malware in sbrugna...