Lucene search
K

1894 matches found

F5 Networks
added 2026/05/27 11:44 p.m., 8 views

K000161455: glibc vulnerability CVE-2026-0861

Security Advisory Description: Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have...

CVSS: 8.4, AI score: 7.4, EPSS: 0.00012
Exploits: 1
Github Security Blog
added 2026/05/27 4:55 p.m., 8 views

Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

Description: Symfony routes can declare a requirements regex per path parameter, e.g. a route /{locale}/blog with requirements: locale: 'en|fr|de'. The Twig path / url helpers backed by UrlGenerator validate supplied parameter values against that regex before building the URL. UrlGenerator construc...

AI score: 5.8
Exploits: 0, References: 6, Affected Software: 2
OSV
added 2026/05/27 4:55 p.m., 1 view

GHSA-72XP-P242-47P9 Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

Description: Symfony routes can declare a requirements regex per path parameter, e.g. a route /{locale}/blog with requirements: locale: 'en|fr|de'. The Twig path / url helpers backed by UrlGenerator validate supplied parameter values against that regex before building the URL. UrlGenerator construc...

AI score: 5.8
Exploits: 0, References: 6
Positive Technologies
added 2026/05/27 12:00 a.m., 4 views

PT-2026-44134

Description: Symfony routes can declare a requirements regex per path parameter, e.g. a route /{locale}/blog with requirements: locale: 'en|fr|de'. The Twig path / url helpers backed by UrlGenerator validate supplied parameter values against that regex before building the URL. UrlGenerator...

AI score: 5.8
Exploits: 0, References: 7
Snyk
added 2026/05/20 3:35 p.m., 5 views

Incorrect Regular Expression

Overview: symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Incorrect Regular Expression in the route URL requirements when a requirement is set as an alternation such as locale: 'ar|bg|...|vi|...|zhCN'...

CVSS: 8.7, AI score: 5.8
Exploits: 0, References: 2
Snyk
added 2026/05/20 3:35 p.m., 4 views

Incorrect Regular Expression

Overview: Affected versions of this package are vulnerable to Incorrect Regular Expression in the route URL requirements when a requirement is set as an alternation such as locale: 'ar|bg|...|vi|...|zhCN'. An attacker can bypass security redirect restrictions by supplying a URL that passes any but...

CVSS: 8.7, AI score: 5.8
Exploits: 0, References: 2
Debian CVE
added 2026/05/20 9:21 a.m., 6 views

CVE-2026-44608

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that, when certain conditions are met (multi-threaded operation, RPZ XFR reload, an RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers), could result in a heap use-after-free and eventual crash. An adversary can...

CVSS: 8.2, AI score: 5.7, EPSS: 0.00053
Exploits: 0
Tenable Nessus
added 2026/05/20 12:00 a.m., 0 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021597)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021597 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race. If an ->anon_vma is attached to the VMA, collapse_and_free_pmd...

CVSS: 7.8, AI score: 5.7, EPSS: 0.00013
Exploits: 0, References: 4
OSV
added 2026/05/20 12:00 a.m., 2 views

UBUNTU-CVE-2026-44608

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that, when certain conditions are met (multi-threaded operation, RPZ XFR reload, an RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers), could result in a heap use-after-free and eventual crash. An adversary can...

CVSS: 8.2, AI score: 5.7, EPSS: 0.00053
Exploits: 0, References: 4
OSV
added 2026/05/19 12:16 p.m., 3 views

UBUNTU-CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node. The current code does no bounds checking on the number of servers added per node, so a malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

AI score: 5.7, EPSS: 0.00024
Exploits: 0, References: 8
Snyk
added 2026/05/18 11:47 a.m., 4 views

Insufficiently Protected Credentials

Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Slack import process. An attacker can gain unauthorized access to user accounts by obtaining disclosed passwords and impersonating users. Remediation: Upgrade...

CVSS: 8.5, AI score: 5.8, EPSS: 0.00036
Exploits: 0, References: 2
Information Security Automation
added 2026/05/14 10:00 a.m., 7 views

About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability

About Remote Code Execution - Apache ActiveMQ CVE-2026-34197 vulnerability. Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them. This...

CVSS: 8.8, AI score: 6.8, EPSS: 0.83461
Exploits: 11
Cvelist
added 2026/05/08 1:31 p.m., 27 views

CVE-2026-43334 Bluetooth: SMP: force responder MITM requirements before building the pairing response

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response. smp_cmd_pairing_req currently builds the pairing response from the initiator authreq before enforcing the local BT_SECURITY_HIGH requirement. If th...

CVSS: 8.8, EPSS: 0.00029
Exploits: 0, References: 8
Spring Engineering
added 2026/05/04 12:00 a.m., 5 views

Spring Office Hours Podcast: S5E14 - Spec Driven Development with Simon Martinelli

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun are joined by Java Champion, Vaadin Champion, and Oracle ACE Pro Simon Martinelli to talk about Spec-Driven Development. With AI reshaping how we write code, Simon makes the case th...

AI score: 5.9
Exploits: 0
AstraLinux
added 2026/05/03 11:59 p.m., 15 views

Astra Linux - vulnerability in postgresql-11

A vulnerability was discovered in PostgreSQL 12.2, allowing attackers to cause a denial of service by repeatedly sending SIGHUP signals. NOTE: This claim is disputed by the vendor, as untrusted users are unable to send SIGHUP signals; such signals can only be sent by a PostgreSQL superuser, a use...

CVSS: 4.4, AI score: 6.6, EPSS: 0.00026
Exploits: 1, References: 1
Wallarm Lab
added 2026/04/24 7:15 a.m., 4 views

The Governance Gap: How the EU AI Act Makes API Security a Compliance Imperative

Your legal team just handed you a 400-page document and said "figure out compliance." The EU AI Act is live, and your organization falls under its scope, which is broader than many expect. Even non-EU companies must comply if their AI systems are used, deployed, or produce effects within the European...

AI score: 5.6
Exploits: 0
OSV
added 2026/04/17 10:12 p.m., 0 views

GHSA-939R-RJ45-G2RJ OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins

Summary: Workspace provider auth choices could auto-enable untrusted provider plugins. Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: = 2026.4.9. Impact: Non-interactive onboarding could select a provider auth choice shadowed by an untrusted workspace plugin,...

CVSS: 8.8, AI score: 5.7, EPSS: 0.00107
Exploits: 0, References: 6
NVD
added 2026/04/17 4:17 p.m., 1 view

CVE-2026-6284

An attacker with network access to the PLC is able to brute-force passwords to gain unauthorized access to systems and services. The limited password complexity and the absence of password input limiters make brute-force password enumeration possible...

CVSS: 9.3, EPSS: 0.00016
Exploits: 0, References: 3
CVE
added 2026/04/17 3:14 p.m., 10 views

CVE-2026-6284

CVE-2026-6284 is reserved, but connected ICS advisory ICSA-26-106-02 provides concrete details: for Horner Automation Cscape and XL4/XL7 PLCs, an attacker with network access can brute-force passwords due to weak password complexity and lack of input-rate limiting, enabling unauthorized access to...

CVSS: 9.3, AI score: 5.7, EPSS: 0.00016
Exploits: 0, References: 3
Cvelist
added 2026/04/17 3:14 p.m., 23 views

CVE-2026-6284 Horner Automation Cscape and XL4, XL7 PLC Weak password requirements

An attacker with network access to the PLC is able to brute-force passwords to gain unauthorized access to systems and services. The limited password complexity and the absence of password input limiters make brute-force password enumeration possible...

CVSS: 9.3, EPSS: 0.00016
Exploits: 0, References: 3