CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

PT-2026-3645

Name of the Vulnerable Software and Affected Versions Open 5GS WebUI affected versions not specified Description The software utilizes a hard-coded JWT signing key 'change-me' if the JWT SECRET KEY environment variable is not set. This can allow attackers to forge JWTs and potentially gain...

AZL-74643 CVE-2026-0716 affecting package libsoup for versions less than 3.0.4-12

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

CVE-2026-0716

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

UBUNTU-CVE-2026-0716

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

CVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processing

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

CVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processing

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

CVE-2026-0716

CVE-2026-0716 concerns libsoup’s WebSocket frame processing. The issue arises when a non-default configuration leaves the maximum incoming payload size unset, allowing reads outside the intended bounds and potentially causing memory exposure or a crash. Multiple security advisories (SUSE openSUSE...

Astra Linux - уязвимость в botan

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

CVE-2025-66051

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor ha...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an unset error code in the mchpeicdomainalloc function in the mchp-eic interrupt controller driver, whi...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992521)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992521 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in preparetorelocate In...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992613 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in preparetorelocate In...

Linux Distros Unpatched Vulnerability : CVE-2025-68738

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7996: fix null pointer deref in mt7996conftx If a link does not have an assigned channel yet, mt7996viflink returns NULL. We still need to store t...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from unset memory allocation related fields that could lead to a null pointer dereference...

EUVD-2023-60155

In the Linux kernel, the following vulnerability has been resolved: devlink: report devlinkporttypewarn source device devlinkporttypewarn is scheduled for port devlink and warning when the port type is not set. But from this warning it is not easy found out which device driver has no devlink port...

CVE-2025-40251 devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific rateleafparentset or...

CVE-2025-62709 ClipBucket v5 is vulnerable to password reset link manipulation

ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration baseurl is not set. Because Host is a client-controlled header, a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989481)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989481 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211gettxpower We can get a UBSAN warning if...

MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation directories

Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...