CVE-2026-42766

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...

CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

CVE-2026-0418

CVE-2026-0418 concerns NETGEAR devices where insufficient configuration management allows authenticated administrators on the local network to tamper with the system. The available description notes this is related to local-authenticated access and tampering capability, with a CVSS 4.0 base score...

CVE-2026-0418 Certain NETGEAR devices allow administrators to tamper with system

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...

CVE-2026-0418 Certain NETGEAR devices allow administrators to tamper with system

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...

CVE-2026-0419

CVE-2026-0419 describes insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router, 802.11ac, dual-band; released 2014) that allows users on the local Wi‑Fi to execute operating system commands. The device is End-of-Support since 2018 with no planned security updates. The advisory notes t...

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users...

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

MAL-2026-5384 Malicious code in enquriers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17ff0053c1f18c2d4e2e555119e16463f85cfb7f0c564d64d222a80a84763639 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GPS As a Key Distribution Platform

This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden "numbers station," according to Steven Murdoch… That means every device that uses GPS has been receiving...

CVE-2026-11521

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction...

CVE-2026-11520

A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and...

CVE-2026-11519

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

CVE-2026-11514

A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVE-2026-11513

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

CVE-2026-11518

A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely...

CVE-2026-11512

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patientid leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

CVE-2026-22164

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

CVE-2026-10727

Ivanti EPMM (Ivanti Endpoint Manager/Mobile EPMM) is affected by an OS command injection in versions before 12.9.0.1, 12.8.0.3, and 12.7.0.2. A remote authenticated attacker can execute arbitrary commands as root. The CVSS (3.1) vectors indicate network access, high impact on confidentiality, int...