CVE-2026-37229

FlexRIC v2.0.0 contains a reachable assertion in e2apcreatepdu triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence e.g., a single 0x00 byte over SCTP to the near-RT RIC port 36421 or iApp port 36422 to crash the process via SIGABRT. The...

NextCloud Teams security vulnerabilities

NextCloud Teams is an open-source team collaboration and group management tool developed by NextCloud. There were security vulnerabilities in versions of NextCloud Teams from 32.0.0 to 32.0.7, and from 33.0.0 to 33.0.1. These vulnerabilities stemmed from the absence of API-level access checks,...

`pretty-changelog-logger` was removed from crates.io for malicious code

pretty-changelog-logger contains a build script build.rs that acts as a loader/dropper for malicious payloads. The malicious crate had 3 versions published on 2026-04-08 that had a total of 2239 downloads. There were no crates depending on this crate on crates.io. Thanks to Socket.dev for detecti...

RUSTSEC-2026-0100 `pretty-changelog-logger` was removed from crates.io for malicious code

pretty-changelog-logger contains a build script build.rs that acts as a loader/dropper for malicious payloads. The malicious crate had 3 versions published on 2026-04-08 that had a total of 2239 downloads. There were no crates depending on this crate on crates.io. Thanks to Socket.dev for detecti...

EUVD-2026-15093

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system...

PT-2026-26704

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Moderators can create Zendesk tickets for topics they do not...

`rpc-check` was removed from crates.io for malicious code

It was attempting to steal credentials from the POLYMARKETPRIVATEKEY environment variable. The malicious crate had 3 versions published on 2026-02-15 and had been downloaded only 155 times. There were no crates depending on this crate on crates.io. Thanks to Sisong Li for finding and reporting th...

libplctag 缓冲区错误漏洞

libplctag is an open source C library for libplctag that provides a portable and simple API for accessing Allen-Bradley and Modbus PLC data over Ethernet. A buffer error vulnerability exists in libplctag versions 2.0 through 2.6.3, which stems from an out-of-bounds read in the unpackresponse...

CISA: Contec CMS8000 Contains a Backdoor

This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health HPH sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address and functionality that enables patient data...

Liferay Portal和Liferay DXP 跨站请求伪造漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DX...

PT-2024-18447 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.8 Mattermost versions 9.2.x through 9.2.4 Mattermost version 9.3.0 Mattermost versions 9.4.x through 9.4.1 Description: The issue allows an authenticated attacker to cause the server to run out of memory...

CVE-2023-21841

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

TP-LINK TL-WR741N和TP-LINK TL-WR742N 安全漏洞

TP-LINK TL-WR741N and TP-LINK TL-WR742N are both wireless routers from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-WR741N/TL-WR742N V1/V2/V3130415 versions. An attacker could exploit this vulnerability to cause a denial of service DoS via specially crafted packets...

Aruba Instant Access Point 命令注入漏洞

Aruba Access Points is a wireless network from Aruba USA. It provides Internet access. A security vulnerability exists in Aruba Instant Access Points that allows arbitrary commands to be executed remotely. The following products and versions are affected: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and...

VMware Spring Security Data Forgery Issue Vulnerability

VMware Spring Security is a set of security frameworks from VMware that provide illustrative security for Spring-based applications. A data forgery issue vulnerability exists in VMware Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2. A remote attacker could exploit this...

Huawei USG6000V Out-of-Bounds Read Vulnerability

Huawei USG6000V is a virtual service gateway product based on Network Function Virtualization NFV from Huawei, China. A security vulnerability exists in Huawei USG6000V V500R001C20SPC300 version, V500R003C00SPC100 version, and V500R005C00SPC100 version. A remote attacker could exploit the...