Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006710)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006710 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INTMAX When sysctlnropen is set to a ver...

PT-2026-31422

Use of Default Cryptographic Key in the hardware for some IntelR PentiumR Processor Silver Series, IntelR CeleronR Processor J Series, IntelR CeleronR Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user combined with a high complexit...

LightRAG 数据伪造问题漏洞

LightRAG is an open-source retrieval-enhanced generation application developed by the Data Intelligence Laboratory at the Hong Kong University HKU. Versions of LightRAG prior to 1.4.14 contained a data manipulation vulnerability caused by JWT algorithm exploitation attacks. This vulnerability...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006745)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006745 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset...

📄 Dolibarr 23.0.0 dol_eval_standard() Whitelist Bypass

Dolibarr version 23.0.0 bypass proof of concept exploit. The whitelist mode of dolevalstandard does not apply $forbiddenphpstrings checks, and the function-call regex does not detect PHP dynamic callable syntax. This allows 'exec''cmd' to bypass all validation and reach eval. !/usr/bin/env python...

Intel® Trace Hub Advisory

Summary: A potential security vulnerability in some Intel® Trace Hub instances may allow escalation of privilege. Intel is releasing prescriptive guidance to address this potential vulnerability. Vulnerability Details: CVEID: CVE-2026-20709 Description: Use of Default Cryptographic Key in the...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.5)

The version of AHV installed on the remote host is prior to AHV-10.3.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.5 advisory. - urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a crafted CMS EnvelopedData message with a missing optional parameters field in the RSA-OAEP SourceFunc algorithm identifier. Notes: - This...

CVE-2026-5682

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVE-2026-35180

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

CVE-2026-35181

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

Improper Handling of Case Sensitivity

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity. Go Vulnerability Report: When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly...

Allocation of Resources Without Limits or Throttling

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: During chain building, the amount of work that is done is not correctly limited when a large...

Allocation of Resources Without Limits or Throttling

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Validating certificate chains which use policies is unexpectedly inefficient when certificat...

CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

ALPINE-CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

DEBIAN-CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

CVE-2026-28390

OpenSSL CVE-2026-28390 describes a NULL pointer dereference when processing CMS EnvelopedData with KeyTransportRecipientInfo using RSA-OAEP, triggered by missing optional RSA-OAEP parameters. The issue allows a crash/Denial of Service when untrusted CMS data is decrypted via CMS_decrypt(). Affect...

CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...