PT-2026-29809

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack::Utils.select best encoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by...

CVE-2026-34716

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the jQuery Toast Plugin, passing the caller's display name directly as the heading parameter. The toast plugin constructs the heading as...

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this...

Linux Distros Unpatched Vulnerability : CVE-2026-5281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via...

Linux Distros Unpatched Vulnerability : CVE-2026-5285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-5283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-5291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from proces...

CVE-2026-34739

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

EUVD-2026-17490

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SS...

SUSE CVE-2026-5037

A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit ha...

CVE-2026-32287 affecting package telegraf for versions less than 1.29.4-22

CVE-2026-32287 affecting package telegraf for versions less than 1.29.4-22. A patched version of the package is available...

CVE-2026-4645 affecting package terraform for versions less than 1.3.2-30

CVE-2026-4645 affecting package terraform for versions less than 1.3.2-30. A patched version of the package is available...

UBUNTU-CVE-2026-5122

A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. The attack may be...

CVE-2026-5123

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data1 can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2026-25547 in package @isaacs/brace-expansion

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2026-25547 in package @isaacs/brace-expansion. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-25547 DESCRIPTION: @isaacs/brace-expansion is a hybrid CJS/ESM...

CVE-2026-5122 osrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access control

A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. The attack may be...

CVE-2026-5122

The CVE affects osrg GoBGP ≤ 4.3.0, specifically the BGP OPEN Message Handler in pkg/packet/bgp/bgp.go DecodeFromBytes. Manipulating the domainNameLen argument results in improper access controls, potentially enabling remote exploitation. The attack is described with a high complexity requirement...

Linux Distros Unpatched Vulnerability : CVE-2026-5037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing ...

ROOT-OS-DEBIAN-12-CVE-2024-33875 CVE-2024-33875 in rootio-hdf5 - Patched by Root

Root has patched CVE-2024-33875 in the rootio-hdf5 package for Root:Debian:12. Multiple fixed versions available...