1069 matches found
CVE-2025-59382
QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:...
CVE-2026-0269
A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. Panorama,...
EUVD-2025-210095
QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:...
CVE-2025-59382
CVE-2025-59382 affects QTS, QuTS hero, QuTScloud and QVP (QVR Pro appliances). The connected documents state these products are not affected by the vulnerability, and that the vulnerability has been fixed in a following version. No exploit details, affected subcomponents, or specific versions are...
CVE-2025-66276 QTS
QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later...
PT-2026-48357
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.2.7.3256 build 20250913. Description: An access-control flaw exists in legacy environments where the NFS (Network File System) service is enabled. When NFS share settings are permissive, such as using a wildcard host entry...
PT-2026-48356
QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:...
EUVD-2026-35474
Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...
EUVD-2026-35476
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application (Denial of Service) or to...
CVE-2026-42764
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
CVE-2026-42765
Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...
PT-2026-47856
Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial o...
BELL-CVE-2026-46258 CVE-2026-46258 does not affect BellSoft software
Bulletin has no description...
CVE-2026-0261
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...
CVE-2026-23823
A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...
BELL-CVE-2026-46222 CVE-2026-46222 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-46217 CVE-2026-46217 does not affect BellSoft software
Bulletin has no description...
CVE-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allow a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...
SUSE CVE-2026-3593
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...