EUVD-2026-36445

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

UBUNTU-CVE-2026-1836

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...

CVE-2026-44894

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

CVE-2026-49347

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

OESA-2026-2670 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

sliff-driv-exploit

SliffDriver LPE Local privilege escalation exploit for a sign...

ROOT-APP-NUGET-CVE-2026-33116 CVE-2026-33116 in Rootio.System.Security.Cryptography.Xml - Patched by Root

Root has patched CVE-2026-33116 in the Rootio.System.Security.Cryptography.Xml package for Root:NuGet. Multiple fixed versions available...

ROOT-APP-NUGET-CVE-2026-26171 CVE-2026-26171 in Rootio.System.Security.Cryptography.Xml - Patched by Root

Root has patched CVE-2026-26171 in the Rootio.System.Security.Cryptography.Xml package for Root:NuGet. Multiple fixed versions available...

CVE-2026-11848 IEI Integration Corp｜ iRM-IEI Remote Management - Missing Authentication

The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information...

CVE-2026-11848 IEI Integration Corp｜ iRM-IEI Remote Management - Missing Authentication

The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information...

CVE-2026-11845

The CVE-2026-11845 entry concerns the iVEC-IEI Virtualization Edge Computer from IEI Integration Corp, describing an OS Command Injection vulnerability. The available documents state that privileged remote attackers could inject arbitrary OS commands and execute them on the device, with high impa...

CVE-2026-11845 IEI Integration Corp｜iVEC-IEI Virtualization Edge Computer - OS Command Injection

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device...

CVE-2026-11845 IEI Integration Corp｜iVEC-IEI Virtualization Edge Computer - OS Command Injection

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device...

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.x) Platform - Multiple Vulnerabilities in IBM Java

Summary IBM Cloud Pak for Data System CPDS 1.x Platform uses IBM Java versions that are affected by multiple critical vulnerabilities disclosed in the Oracle January 2026 CPU advisory. The vulnerabilities impact IBM Java 7.1 prior to 7.1.5.29 and 8.0 prior to 8.0.8.60. These vulnerabilities affec...

GHSA-99F4-GRH7-6PCQ vulnerabilities

Vulnerabilities for packages: pulumi, langfuse-fips, kibana, langfuse, cadence-web, opentelemetry-auto-instrumentations-node, jitsucom-jitsu...

CVE-2026-12059 Cellopoint｜CelloOS - Improper Access Control

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

CVE-2026-48610

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVE-2026-48610

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

CVE-2026-48610

CVE-2026-48610 describes an Improper Access Control vulnerability on certain devices running UniFi OS. A remote attacker with network access could cause unauthorized changes to UniFi OS devices. The CVSSv3.1 base score is 8.1 (High) with network attack vector, high impact on confidentiality, inte...

CVE-2026-47370

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances...