123164 matches found
Froxlor has an incomplete fix for CVE-2026-30932
Summary The LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping. Affected Package - Ecosystem: Other - Package: froxlor - Affected versions: a...
GHSA-J6FM-9RFM-J5HX Froxlor has an incomplete fix for CVE-2026-30932
Summary The LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping. Affected Package - Ecosystem: Other - Package: froxlor - Affected versions: a...
Security Bulletin: IBM Sterling Connect:Direct for Unix is impacted by Improper Input Validation vulnerability due to jetty-http.
Summary jetty-http is used by IBM Sterling Connect:Direct for UNIX in product configuration. IBM Sterling Connect:Direct for UNIX is impacted by Improper Input Validation vulnerability in jetty-http, CVE-2025-11143. IBM Sterling Connect:Direct for UNIX has upgraded jetty-http to address the issue...
CVE-2025-40946
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...
OESA-2026-2505 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...
OESA-2026-2504 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...
OESA-2026-2503 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...
OESA-2026-2502 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...
OESA-2026-2483 hplip security update
The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. Security Fixes: A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the us...
OESA-2026-2467 libsolv security update
A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative siz...
OESA-2026-2466 libsolv security update
A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative siz...
CVE-2026-49324
Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-40175)
Summary IBM Security SOAR uses an older version of the Axios component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.0 Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios i...
CVE-2026-49324 Indian Scout Bobber 2025 WCM brute-force
Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...
CVE-2026-49324
The CVE-2026-49324 affects the Wireless Control Module (WCM) in the Indian Motorcycle Scout Bobber + Tech 2025 model year. The root cause is an exploitable brute‑force lockout that is reachable via any unauthenticated in‑vehicle network message, with no session binding and no reset on power cycle...
EUVD-2026-33289
Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...
CVE-2026-49324 Indian Scout Bobber 2025 WCM brute-force
Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...
CVE-2026-49324
Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...
Security Bulletin: Multiple Vulnerabilities in Apache Log4j Core shipped in Tivoli Netcool/OMNIbus
Summary The Netcool/Omnibus 'Administrator GUI' and 'Accelerated Event Notification GUI' desktop components use a version of Apache Log4j that contains known vulnerabilities. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in...
RUSTSEC-2026-0151 Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms
On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. This could allow arbitrary code execution. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use...