241486 matches found

NVD
added 2026/05/13 6:16 p.m., 6 views

CVE-2026-0237

An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands t...

7.3 CVSS, 0.00006 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/13 6:1 p.m., 4 views

CVE-2026-42579 Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...

7.5 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 1, References: 1

Cvelist
added 2026/05/13 6:1 p.m., 33 views

CVE-2026-42579 Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...

7.5 CVSS, 0.00032 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2026/05/13 5:59 p.m., 4 views

CVE-2026-0261

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...

5.9 AI score, 0.00113 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/05/13 5:53 p.m., 10 views

CVE-2026-30904

CVE-2026-30904 concerns Zoom Workplace for iOS prior to version 7.0.0, where a protection mechanism failure could allow an authenticated user with physical access to disclose information. The issue is described consistently across sources as a local, physical-access threat affecting the client, w...

4.3 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/05/13 5:53 p.m., 4 views

CVE-2026-30904

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...

5.8 AI score, 0.00019 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/05/13 5:53 p.m., 29 views

CVE-2026-30904

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...

1.8 CVSS, 0.00019 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/05/13 5:48 p.m., 28 views

CVE-2026-0237 Prisma Browser: Improperly Restricted Automation Bridge Allows Security Bypass

An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands t...

7.3 CVSS, 0.00006 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/13 5:48 p.m., 16 views

CVE-2026-0237

CVE-2026-0237 affects Palo Alto Networks Prisma Browser on macOS. The issue is an improper protection of an alternate path that fails to restrict access to an internal automation bridge, allowing a locally authenticated non-admin user to use an exposed communication channel to send unauthorized c...

7.3 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/13 5:47 p.m., 5 views

CVE-2026-0263

A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud NGFW, and Prisma® Access...

9.2 CVSS, 6.4 AI score, 0.00078 EPSS
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2026/05/13 5:32 p.m., 4 views

CVE-2026-43477

A flaw was found in the Linux kernel. Incorrectly configuring Variable Refresh Rate (VRR) timings before enabling display functionality can cause the system to hang. This issue, which may occur with certain display setups, can lead to a complete system freeze, resulting in a denial of service...

5.5 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/05/13 5:19 p.m., 5 views

CVE-2026-43484

A flaw was found in the Linux kernel's MultiMediaCard (MMC) core. Concurrent updates to bitfield flags, specifically 'claimed' and 'retune_now', can lead to unintended overwrites of other bits in asynchronous contexts. This can trigger spurious warnings and result in system instability or unexpected...

5.5 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 4

OSSF Malicious Packages
added 2026/05/13 5:10 p.m., 6 views

Malicious code in hackling (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf12b321da2b42ce2302bdccbb35304c4f4a47c7a5e273076467b269982c480f Package automatically exfiltrate information about the system, including potentially sensitive data. --- Category: MALICIOUS - The campaign has clearly malicio...

5.9 AI score
Exploits: 0, References: 1

OSV
added 2026/05/13 5:10 p.m., 1 views

MAL-2026-3665 Malicious code in hackling (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf12b321da2b42ce2302bdccbb35304c4f4a47c7a5e273076467b269982c480f Package automatically exfiltrate information about the system, including potentially sensitive data. --- Category: MALICIOUS - The campaign has clearly malicio...

5.9 AI score
Exploits: 0, References: 1

NVD
added 2026/05/13 4:16 p.m., 6 views

CVE-2026-42930

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

8.7 CVSS, 0.00036 EPSS
Exploits: 0, References: 1

NVD
added 2026/05/13 4:16 p.m., 4 views

CVE-2020-37220

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...

8.7 CVSS, 0.00201 EPSS
Exploits: 0, References: 3

UbuntuCve
added 2026/05/13 4:16 p.m., 7 views

CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

6.9 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits: 0, References: 4

OSV
added 2026/05/13 4:16 p.m., 2 views

UBUNTU-CVE-2026-43486

In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep_get() value against the requested entry to detect no-ops. ptep_get() ORs AF/dirty from all sub-PTEs in the CONT...

5.7 AI score, 0.00023 EPSS
Exploits: 0, References: 3

UbuntuCve
added 2026/05/13 4:16 p.m., 8 views

CVE-2026-43486

In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep_get() value against the requested entry to detect no-ops. ptep_get() ORs AF/dirty from all sub-PTEs in the CONT...

5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 2

OSV
added 2026/05/13 4:16 p.m., 3 views

UBUNTU-CVE-2026-43478

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put() to retrieve the DAPM context is snd_soc_component_to_dapm(), from kcontrol we will receive NULL pointer...

5.7 AI score, 0.00024 EPSS
Exploits: 0, References: 3