bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

From Foundation to Force: Your Guide to Operationalizing Wiz at Scale

Following your foundation, operationalize Wiz across development, detection and response, and program maturity so your security program never stops getting stronger...

Astra Linux - уязвимость в gimp

GIMP PGM File Parsing: Uninitialized Memory Causes Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed an issue in verifying allowptrleaks. After we changed the capabilities of our networking-bpf program from capsysadmin to capnetadmin+capbpf, our networking-bpf program failed to start. This was because it failed the BP...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: BPF: Fixed the re-attachment branch in bpftracingprogattach. The following scenario can cause a crash due to a missing attachbtf: 1 Load the rawtp program. 2 Load the fentry program with rawtp as targetfd. 3 Create a tracing...

MINI-PGM4-R82V-JM54

Bulletin has no description...

EUVD-2026-26609

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject sleepable kprobemulti programs at attach time kprobe.multi programs run in atomic/RCU context and cannot sleep. However, bpfkprobemultilinkattach did not validate whether the program being attached had the sleepable...

CVE-2026-31734

CVE-2026-31734 (Linux kernel sched_ext) has been fixed. The issue was a false negative where is_bpf_migration_disabled() could be incorrect on systems without CONFIG_PREEMPT_RCU, causing migration_disabled == 1 to be treated as truly migration-disabled even for the current task. The BPF prolog no...

SUSE CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

dtrace security update

2.0.7-4 - Prevent out-of-buonds memory access during object symbol table construction CVE-2026-35233. Orabug: 39121881 - Prevent divide-by-zero FPE trap if section header data is corrupted. CVE-2026-21996. Orabug: 39121874 - Ensure safety checks are performed on program header data from ELF...

CVE-2026-42167

The vulnerability CVE-2026-42167 affects ProFTPD with the mod_sql backend, where logging of USER requests (using expansions like %U) can bypass escaping in SQLLog/SQLNamedQuery and enable stacked SQL queries. In ProFTPD builds using the vulnerable mod_sql, an attacker can cause arbitrary code exe...

CVE-2026-42167

modsql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

CVE-2026-5940

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...

CVE-2026-5942

Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program...

CVE-2026-5941

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...

CVE-2026-5937

Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalidargument" exception, ultimately causing the program to terminate...

CVE-2026-5937

Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalidargument" exception, ultimately causing the program to terminate...

EUVD-2026-25823

Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalidargument" exception, ultimately causing the program to terminate...

EUVD-2026-25826

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...