Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043,...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which was affected by identity spoofing which is vulnerable to CVE-2026-3621

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which was affected by identity spoofing which is vulnerable to CVE-2026-3621. This bulletin contains information addressing the vulnerability. Vulnerability Details...

SUSE CVE-2026-5946

Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN - for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths - recursio...

SUSE CVE-2026-46160

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix missing lastunlinktrans update when removing a directory When removing a directory we are not updating its lastunlinktrans field, which can result in incorrect fsync behaviour in case some one fsyncs the directory afte...

SUSE CVE-2026-46186

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

[SECURITY] Fedora 44 Update: libpng-1.6.58-1.fc44

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

[SECURITY] Fedora 44 Update: haveged-1.9.21-1.fc44

A Linux entropy source using the HAVEGE algorithm Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction e.g. headless server...

📄 Wing FTP Server 8.1.3 Remote Code Execution

Wing FTP Server version 8.1.2 contains a remote code execution vulnerability in the session serialization mechanism. An authenticated administrator can inject arbitrary Lua code through the domain admin mydirectory basefolder field, which gets executed server-side via loadfile. Exploit Title: Win...

ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion

Exploit Title: ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion Google Dork: N/A Date: 2026-05-13 Exploit Author: Jose Rivas bl4cksku11 & Zero Trust Offsec Vendor Homepage: https://imagemagick.org/ Software Link: https://imagemagick.org/download/ Version: ImageMagick 7.x...

Microsoft - NTLMv2 Hash Capture

Titles: Microsoft - NTLMv2 Hash Capture Author: nu11secur1ty Date: 2026-05-27 Vendor: Microsoft Software: Windows Shell File Explorer Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-32202 Description: A spoofing vulnerability in Windows Shell File Explorer allows an attacker to capture NTLMv...

strongSwan 5.9.13 - DoS

Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan next never advances and the per-attribute length computation...

Improving IoT Intrusion Detection through SMOTE-Based Oversampling and Extended Multi-Model Evaluation on Side-Channel Power Data

The detection of intrusions in IoT-based networks poses challenges that cannot be overcome using traditional machine learning methods. Perhaps the biggest of them is related to the presence of a class imbalance in the side-channel dataset, where the number of samples in the normal class compared ...

PT-2026-44830

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

📄 EspoCRM 9.3.3 Server-Side Request Forgery

EspoCRM version 9.3.3 suffers from an authenticated server-side request forgery vulnerability. Exploit Title: EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation Google Dork: N/A Date: 2026-05-08 Exploit Author: Max Gabriel https://github.com/EntroVyx Vendor Homepage:...

📄 strongSwan 5.9.13 Denial of Service

strongSwan version 5.9.13 suffers from a denial of service vulnerability. Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version:...

📄 ImageMagick 7.x Denial of Service

ImageMagick versions 7.x suffer from an infinite loop issue in the MIFF decoder that can lead to CPU exhaustion. Exploit Title: ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion Google Dork: N/A Date: 2026-05-13 Exploit Author: Jose Rivas bl4cksku11 & Zero Trust Offsec...

PT-2026-44940

Name of the Vulnerable Software and Affected Versions liboqs versions prior to 0.16.0 Description An out-of-bounds read exists in the XMSS and XMSS^MT stateful signature verification code. This occurs when the verification function is called with a signature buffer sized for the declared algorith...

PT-2026-45062

Summary Type: Insecure Direct Object Reference. The GET /workspaces/workspace id/issues/issue id/activity endpoint is gated by require workspace memberworkspace id and dispatches to ActivityService.list for issueissue id, which executes SELECT FROM activity WHERE issue id = :issue id with no...

PT-2026-45059

Summary PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to owner. The issue is caused by privileged workspace-management routes using the shared dependency require workspace member... without...

PT-2026-45066

Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspace id/members/user id endpoint is gated by require workspace memberworkspace id, which defaults to min role="member" and is never overridden by the route. The handler then calls MemberService.update roleworkspace id, user i...