CVE-2026-4930 DPA Countermeasures weakening on Series 3 devices

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations AES encryption/decryption and hashing. DPA Countermeasures on SYMCRYPTO can be weakened reduced entropy by forcing certain seed values if an attacker gains code...

HP Switch - Authentication Bypass

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in...

Fujitsu IP Series - Hardcoded Credentials

Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative...

RHSA-2026:28740 Red Hat Security Advisory: kpatch-patch-5_14_0-570_116_1, kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, kpatch-patch-5_14_0-570_66_1, and kpatch-patch-5_14_0-570_94_1 security update

Bulletin has no description...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrsoffset field in first mf...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Do not force clear the buffer if it is referenced. The patch series “nilfs2: Protect busy buffer heads from being forced to be cleared” addresses this issue. This patch fixes the inconsistency in buffer head states report...

CVE-2026-8806

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

EUVD-2026-37975

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

CVE-2026-8806 Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

CVE-2026-44942

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

Juniper J-Web - Remote Code Execution

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands id: CVE-2023-36845 info: name: Juniper J-Web - Remote Code...

PT-2026-49653

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

SUSE-SU-2026:2380-1 Security update for hplip

This update for hplip fixes the following issues Update to HPLIP 3.26.4: Security issues: - CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. - CVE-2026-8631: escalation of privileges and/or...

EUVD-2026-36134

A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual and...

EUVD-2026-36148

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface CLI to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access i...

EUVD-2026-36149

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed...

CVE-2026-0272

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface CLI to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access i...

CVE-2026-0273

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed...

CVE-2026-0266

A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual and...