Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23037)

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: allow partial RX URB allocation to succeed When es58xallocrxurbs fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code. This causes es58xopen to return early,...

Mattermost Desktop 5.13.x < 5.13.6 / 6.x < 6.2.0 Multiple Vulnerabilities (MMSA-2026-00651 / MMSA-2026-00652)

The version of Mattermost Desktop installed on the remote host is affected by multiple vulnerabilities: - Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a...

Mattermost Server 10.11.x < 10.11.14 / 11.4.x < 11.4.4 / 11.5.x < 11.5.2 Vulnerability (MMSA-2026-00597)

The version of Mattermost Server installed on the remote host is affected by a vulnerability: - Mattermost fails to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate...

Siemens RuggedCom Rox Integer Underflow (Wrap or Wraparound) (CVE-2019-14199)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a netprocessreceivedpacket integer underflow during an udppackethandler call. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

Siemens RUGGEDCOM RST2428P Multiple Releases of Same Resource or Handle (CVE-2025-40261)

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrl nvmefcdeleteassocation waits for pending I/O to complete before returning, and an error can cause -ioerrwork to be queued after cancelworksync had been called. Mov...

Siemens RuggedCom Rox Uncontrolled Recursion (CVE-2025-9714)

Uncontrolled recursion inXPath evaluationin libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

Siemens SIMATIC S7-1500 Incorrect Resource Transfer Between Spheres (CVE-2026-31431)

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

Siemens RuggedCom Rox Out-of-bounds Write (CVE-2022-34835)

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the i2c md command enables the corruption of the return address pointer of the doi2cmd function. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23228)

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of activenumconn in ksmbdtcpnewconnection On kthreadrun failure in ksmbdtcpnewconnection, the transport is freed via freetransport, which does not decrement activenumconn, leaking this counter. Replace...

PT-2026-50733

Summary piscina's constructor and run paths read the filename option via plain member access: js // dist/index.js line 92 constructor const filename = options.filename ? 0, common 1.maybeFileURLToPathoptions.filename : null; this.options = ...kDefaultOptions, ...options, filename, maxQueue: 0 ; /...

PT-2026-50646

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pff title is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cot import is disabled, so an authenticated user can...

PT-2026-50734

Summary http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configur...

PT-2026-50742

Summary Running a malicous container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree durin...

PT-2026-50793

Impact CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= . . In affected versions, SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the...

PT-2026-50825

Summary signalk-server versions up to and including 2.27.0 contain a Server-Side Request Forgery SSRF vulnerability in three administrative endpoints used for remote Signal K server connection management. The makeRemoteRequest function accepts attacker-controlled host, port, useTLS, and...

PT-2026-50719

Summary The Sentry exporter constructs Sentry API URLs by interpolating the span's service.name resource attribute into the URL path without validation. Because service.name is controlled by remote OTLP senders and the operator-configured bearer token is attached to every request, a crafted servi...

Siemens RUGGEDCOM RST2428P Out-of-bounds Write (CVE-2026-1484)

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40254)

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the setnsh... action is completely wrong. It runs through the nshkeyputfromnlattr function that is the same function that validates NSH keys...

Siemens RUGGEDCOM RST2428P Path Traversal (CVE-2025-7039)

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to...

Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28389)

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...