CVE-2026-43279

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But whe...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

C...

[SECURITY] Fedora 44 Update: squid-7.5-1.fc44

Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...

Exploit for SQL Injection in Progress Moveit_Cloud

CVE-2023-34362 MOVEit Transfer Vulnerability Analysis Proj...

PT-2026-37619

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA usb-audio component where the system blindly assumes received packets fit the buffer size when silencing playback URB USB Request Block packets in implicit fb...

ROS-20260506-73-0044

Vulnerability in erlang related to flaws in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...

PT-2026-37626

Name of the Vulnerable Software and Affected Versions Gazelle versions prior to 0.50 Description Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request,...

PT-2026-37773

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...

OpenStack Ironic has an Incorrect Resource Transfer Between Spheres

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

Incorrect Resource Transfer Between Spheres

Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the import process when a user invokes molds and requests authorization to be sent to a remote endpoint. The credential forwarded is a...

CVE-2026-33489

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...

CVE-2026-33489

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...

CVE-2026-33489

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...

EUVD-2026-27450

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...

CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...

CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...

CVE-2026-33489

CoreDNS CVE-2026-33489 affects the transfer plugin prior to version 1.14.3. The root cause is a lexicographic longestMatch() comparison in plugin/transfer/transfer.go, which can select a permissive parent-zone ACL over a more-specific subzone ACL when both are configured. This flaw enables an una...

EUVD-2026-27345

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

CVE-2026-34956

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

UBUNTU-CVE-2026-34956

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...