CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

EUVD-2026-31413

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

Astra Linux - уязвимость в libx11

The LookupCol.c file in X.Org X, as well as versions of X11R7.7 and libX11 prior to version 1.7.1, may allow remote attackers to execute arbitrary code. The libX11 XLookupColor function, intended for server-side color lookups, contains a flaw that allows a client to send color-name requests with...

Astra Linux - уязвимость в linux-5.15

A issue was discovered in the Linux kernel before version 6.3.10. The file fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, resulting in a out-of-bounds read...

USN-8280-1 linux, linux-aws, linux-aws-fips, linux-bluefield, linux-fips, linux-gcp, linux-gcp-5.4, linux-gcp-fips, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

PT-2026-42234

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.179 Description A use after free issue in the QUIC protocol allows a remote attacker to execute arbitrary code within a sandbox by sending malicious network traffic. Use after free is a memory...

CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

Astra Linux - уязвимость в wireshark

DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4...

Wireshark 1.8.x < 1.8.10 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 1.8.10. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-1.8.10 advisory. - Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before...

EUVD-2026-22059

An issue in the pickle protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message...

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

RLSA-2026:4473 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

GHSA-FMFG-9G7C-3VQ7 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

Summary The ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional co...

NewStart CGSL MAIN 6.06 (SP) : p11-kit Multiple Vulnerabilities (NS-SA-2026-0024)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has p11-kit packages installed that are affected by multiple vulnerabilities: - An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit...

CVE-2026-20024

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF...

Linux Distros Unpatched Vulnerability : CVE-2026-3201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service CVE-2026-3201 Note that Nessus relies on t...

CVE-2025-70123

An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a...

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1402)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1402 advisory. Bypass File System Permissions using crafted symlinks CVE-2025-55130 A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using th...

Security Bulletin: A MongoDB zlib protocol flaw lets unauthenticated clients read uninitialized heap memory in multiple versions prior to patched releases.

Summary Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to...

Konica Bizhub Multifunction Printers Infinite Loop of Messages Between Servers (CVE-2024-2169)

Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service DOS and/or abuse of resources. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...