SUSE-SU-2026:21872-1 Security update for cockpit

This update for cockpit fixes the following issue - CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI bsc1265040...

ROOT-OS-DEBIAN-12-CVE-2026-46520 CVE-2026-46520 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-46520 in the rootio-imagemagick package for Root:Debian:12. Multiple fixed versions available...

glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

A flaw was found in glibc the GNU C Library. When an application uses the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS Domain Name System response. This crafted response can caus...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.17 bug fix and security update

Red Hat OpenShift Container Platform release 4.21.17 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...

AI_AutoExploitGeneration

🎯 AI-POWERED AUTOMATED EXPLOIT GENERATION AEG SYSTEM Vers...

CVE-2026-9534

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-8047

CVE-2026-8047 affects CODESYS Control. The flaw is an improper length check while parsing incoming HTTP requests, causing a size-limited out-of-bounds write. An unauthenticated remote attacker could trigger a denial of service via a system crash on the affected device. Exploitation details and re...

EUVD-2026-31800

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - NRS.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - NRS addressed in 3.0.5.1. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2022-3219 DESCRIPTION: GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached,...

CVE-2026-44469 Incorrect Default Permissions in CODESYS Development System

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...

CVE-2026-44469

The CVE-2026-44469 entry concerns CODESYS Development System. During administrative installation, installation files are extracted to a temporary directory with incorrect default permissions. A low-privileged local attacker could exploit a TOCTOU race condition within a practical time window to r...

CVE-2026-44468 Incorrect Default Permissions in CODESYS Development System

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...

CVE-2026-44468

CVE-2026-44468 affects CODESYS Development System. During administrative installation, the process creates a directory with insecure default permissions, allowing a low‑privileged local attacker to modify a temporary file that defines components to be installed. This enables local privilege escal...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2025-36220 DESCRIPTION: IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which coul...

Eppendorf BioFlo 320

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to gain full access to functionality and data with the bioreactor. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System LMS popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as...

CVE-2026-9526

A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/editteam.php. The manipulation of the argument numid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be use...

CVE-2026-9527

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...