153 matches found
EUVD-2026-34875
On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulti...
Arista EOS Security Vulnerability
Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS, which occurs when, under certain conditions, physical interface fluctuations and proxy restarts may cause the IPsec...
PT-2026-47015
Name of the Vulnerable Software and Affected Versions: Arista EOS (affected versions not specified). Description: On platforms with hardware IPSec support and specific IPsec features enabled, the system may exhibit unexpected behavior. Physical interface flaps and certain agent restarts can trigger...
Important: nginx
Issue Overview: When NGINX Plus or NGINX Open Source is configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address, allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are...
F5 NGINX Plus and F5 NGINX Open Source Buffer Error Vulnerability
F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...
GHSA-WWPQ-F5C3-7HVX Spring Boot accepts predictable temp directory without ownership verification
A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...
Mercury MIPC252W Security Vulnerability
The Mercury MIPC252W is a high-definition network monitoring camera with wireless connectivity from the Chinese company Mercury. Version MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n contains a security vulnerability. This vulnerability arises from the RTSP service improperly verifying...
Allocation of Resources Without Limits or Throttling
Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDF to generate a strong encryption password from the user-provided password to ensure secure encryption of files. Affected versions of this...
ClawWorm: Self-Propagating Attacks across LLM Agent Ecosystems
Autonomous LLM-based agents increasingly operate as long-running processes forming densely interconnected multi-agent ecosystems, whose security properties remain largely unexplored. In particular, OpenClaw, an open-source platform with over 40,000 active instances, has stood out recently with it...
Cisco IOS XR Security Vulnerability
Cisco IOS XR is an operating system developed by the American company Cisco for its network devices. There is a security vulnerability in Cisco IOS XR, which stems from insufficient input validation of IS-IS packet headers. This vulnerability may lead to unexpected restarts of the IS-IS process a...
CVE-2026-23596
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability...
CVE-2026-23596 Unauthenticated Improper Access Control in management API allows unauthorized service disruption
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability...
CVE-2026-23596
CVE-2026-23596 describes an unauthenticated remote vulnerability in the management API that can trigger service restarts, potentially disrupting services and reducing system availability. The available records indicate an impact on availability (CVSSv3.1: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) with...
PT-2026-5815
Name of the Vulnerable Software and Affected Versions: Wacom WTabletService version 6.6.7-3. Description: The software contains an unquoted service path issue that allows local attackers to execute malicious code with elevated privileges. An attacker can place an executable file within the service...
CLSA-2025-1764957598 libreswan: Fix of CVE-2024-2357
Update libreswan to 4.12-2 to include not compatible CVE fix CVE-2024-2357 after the version 4.9 - CVE-2024-2357: fix crash in IKEv2 when a missing PreSharedKey triggers repeated pluto restarts...
CVE-2025-61938
When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...