kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

Vulnerabilities present in Oracle MySQL products

Oracle has identified vulnerabilities in Oracle MySQL Shell for VS Code, MySQL Router, MySQL NDB Cluster, and MySQL Server. These vulnerabilities exist in various Oracle MySQL products and versions. In MySQL Shell for VS Code versions 2026.2.0+9.6.1, attackers with low privileges and network acce...

CVE-2026-27869

The CVE-2026-27869 entry concerns the Regesta Smart HD-PLC by Teldat (model TLDPH16D2, 11.02.05.10.02). An attacker on the network can perform a Slow Loris-style attack to cause a Denial of Service on the device’s web interface. The impact is a DoS with network access and low attack complexity; c...

CVE-2026-27870

CVE-2026-27870 affects Regesta Smart HD-PLC (TLDPH16D2: 11.02.05.10.02) from Teldat. An attacker with network access and required registration could inject arbitrary JavaScript by placing an XSS payload into the Hostname field of the configuration file, triggering an XSS in the path /upgrade/quer...

CVE-2026-27868

CVE-2026-27868 concerns the Regesta Smart HD-PLC (TLDPH16D2: 11.02.05.10.02). An attacker with network access to the device could disclose privilege information by calling the Version command through /upgrade/query.php?cmd=p+3&3Bversion, leading to information disclosure. The CVSS metrics indicat...

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

VMware VRealize Network Insight - Remote Code Execution

VMWare Aria Operations for Networks vRealize Network Insight is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

PT-2026-50460

Name of the Vulnerable Software and Affected Versions Cisco Crosswork Network Controller affected versions not specified Description Insufficient input validation in the configuration template engine of the web-based management interface allows an authenticated remote attacker to execute arbitrar...

PT-2026-50477

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'spreadsheet-import' endpoint axiosRequestMake could be used as a generic HTTP proxy. The endpoint was reachable without authentication, and its URL-extension allowlist used a regular expressi...

PT-2026-50464

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description An improper neutralization of special elements used in an SQL command allows a low privileged attacker with adjacent network access to perform SQL injection, which could...

PT-2026-50443

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description Improper Authentication allows an unauthenticated attacker with adjacent network access to potentially gain unauthorized access, leading to information disclosure and informati...

PT-2026-50435

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 5.1.0.1 Description An improper access control issue exists where a low privileged attacker with adjacent network access could potentially exploit the flaw to achieve elevation of privileges and gain...

PT-2026-50463

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with adjacent network access to potentially caus...

PT-2026-50433

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...

PT-2026-50432

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 5.1.0.1 Dell PowerFlex Manager versions prior to 4.5.5.2 Description An improper authentication issue allows an unauthenticated attacker with adjacent network access to bypass authentication without...

Bosch Security Systems IP Cameras Improper Access Control (CVE-2022-41677)

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information like capabilities about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to...

Bosch Security Systems IP Cameras Remote Code Execution (CVE-2018-19036)

An issue was discovered in several Bosch IP cameras running firmware 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. This plugin only works with Tenable.ot. Please visit...