176 matches found
CVE-2026-33794
An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit evo-aftmand of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated network-based attacker generating continuous routing updates, resulting in unilist ECMP routes, to cras...
EUVD-2026-42328
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...
GHSA-Q6H5-Q3Q6-F87X CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation
Impact Users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, which enables hijacking traffic to Services in any namespace, bypassing the namespace-scoping guarantees enforced by serviceMatcher. In addition, deleting such a policy can...
PT-2026-56056
Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.3 Cilium versions 1.18.2 through 1.18.9 Cilium versions prior to 1.17.16 Description Users capable of creating CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs using the addressMatcher parameter...
CVE-2026-53162
A flaw was found in the Linux kernel's memory cgroup memcg subsystem. When a non-maskable interrupt NMI occurs during an update of the system's random number generation state, it can lead to corruption of that state. This issue can result in memory cgroup charge draining, potentially causing syst...
Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...
GHSA-QVV5-JQ5G-4CGG Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...
PT-2026-48331
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macro...
CVE-2026-37234
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...
CVE-2026-37234
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...
Mass-assignment in Factory::loadFromProvisioningUri lets a hostile provisioning URI corrupt OTP state or leak an uncaught TypeError
Summary OTPHP\Factory::loadFromProvisioningUri parses an attacker-supplied otpauth:// URI and forwards every query key to OTP::setParameter$key, $value. setParameter resolves the name with propertyexists$this, $parameter and performs a dynamic write $this-$parameter = $value src/OTP.php:196-197...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in the handling of ICReq requests and queue removal in nvmet-tcp. This...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to return an error code when restoring the host CR3 during a nested VMEXIT, but this...
MAL-2026-4736 Malicious code in yessir-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...
CVE-2026-31712
A flaw was found in the ksmbd component of the Linux kernel. An authenticated Server Message Block SMB client with permissions to set an Access Control List ACL on a file can craft a malicious Discretionary Access Control List DACL. This crafted DACL, containing an undersized Access Control Entry...
Juniper Junos OS Multiple Vulnerabilities (JSA82974)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA82974 advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64...
JLSEC-2026-245 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...
JLSEC-2026-242 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...
media: vidtv: fix nfeeds state corruption on start_streaming failure
...
DEBIAN-CVE-2026-31585
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on startstreaming failure syzbot reported a memory leak in vidtvpsiservicedescinit 1. When vidtvstartstreaming fails inside vidtvstartfeed, the nfeeds counter is left incremented even...