
3037 matches found

ATTACKERKB
added 2026/02/03 4:47 p.m. | 6 views

CVE-2026-1568

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts setup via "Security Console" installations, resulting in full account takeover. The...

CVSS 9.6 | AI score 5.4 | EPSS 0.00142
Exploits: 0 | References: 2
EUVD
added 2026/02/03 4:47 p.m. | 6 views

EUVD-2026-5244

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts setup via "Security Console" installations, resulting in full account takeover. The...

CVSS 9.6 | AI score 5.4 | EPSS 0.00142
Exploits: 0 | References: 1
OSV
added 2026/02/03 1:15 a.m. | 3 views

CVE-2025-15556

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

CVSS 7.5 | AI score 6.4 | EPSS 0.01268
Exploits: 0 | References: 7
OSV
added 2026/01/30 12:27 p.m. | 6 views

OESA-2026-1247 tinyxml2 security update

TinyXML-2 is a simple, small, efficient, C++ XML parser that can be easily integrated into other programs. TinyXML-2 parses an XML document, and builds from that a Document Object Model (DOM) that can be read, modified, and saved. Security Fixes: TinyXML2 through 10.0.0 has a reachable assertion fo...

CVSS 6.5 | AI score 5.9 | EPSS 0.00404
Exploits: 2 | References: 3
SUSE CVE
added 2026/01/30 12:25 a.m. | 5 views

SUSE CVE-2026-22264

Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run...

CVSS 9.1 | AI score 6 | EPSS 0.00344
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/29 9:20 p.m. | 4 views

CVE-2026-24856

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile X...

CVSS 7.8 | AI score 6.1 | EPSS 0.00222
Exploits: 1 | References: 1
Vulnrichment
added 2026/01/28 9:05 p.m. | 4 views

CVE-2026-24856 iccDEV has UB runtime error in <icTagTypeSignature>

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile X...

CVSS 7.8 | AI score 6.1 | EPSS 0.00222
Exploits: 1 | References: 4
Cvelist
added 2026/01/28 9:05 p.m. | 27 views

CVE-2026-24856 iccDEV has UB runtime error in <icTagTypeSignature>

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile X...

CVSS 7.8 | EPSS 0.00222
Exploits: 1 | References: 4
NVD
added 2026/01/27 7:16 p.m. | 11 views

CVE-2026-22264

Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run...

CVSS 9.1 | EPSS 0.00344
Exploits: 0 | References: 5
AlpineLinux
added 2026/01/27 6:33 p.m. | 5 views

CVE-2026-22264

Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run...

CVSS 9.1 | AI score 6 | EPSS 0.00344
Exploits: 0 | References: 5
EUVD
added 2026/01/27 6:33 p.m. | 6 views

EUVD-2026-4782

Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run...

CVSS 7.4 | AI score 6 | EPSS 0.00344
Exploits: 0 | References: 5
CNNVD
added 2026/01/27 12:00 a.m. | 3 views

Suricata resource management error vulnerability

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 8.0.3 and 7.0.14 contained a resource management vulnerability. This vulnerability stemmed from an unsigned integer overflow that could occur when generating too man...

CVSS 9.1 | AI score 5.9 | EPSS 0.00344
Exploits: 0 | References: 6
Tenable Nessus
added 2026/01/27 12:00 a.m. | 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005193 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also...

CVSS 7.8 | AI score 5.8 | EPSS 0.00257
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/27 12:00 a.m. | 5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005182)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005182 advisory. In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: In the xsk_map_delete_elem function an...

CVSS 7.8 | AI score 6.7 | EPSS 0.00255
Exploits: 0 | References: 3
UbuntuCve
added 2026/01/22 3:15 a.m. | 4 views

CVE-2026-23992

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

CVSS 7.5 | AI score 5.9 | EPSS 0.00196
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/22 2:20 a.m. | 3 views

CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

CVSS 5.9 | AI score 5.5 | EPSS 0.00196
Exploits: 0 | References: 2
CVE
added 2026/01/22 2:20 a.m. | 17 views

CVE-2026-23992

The CVE-2026-23992 entry concerns go-tuf (Go implementation of The Update Framework). It states that in versions 2.0.0 up to but not including 2.3.1, a compromised or misconfigured TUF repository could configure signature thresholds to 0, effectively disabling signature verification. This can all...

CVSS 7.5 | AI score 5.5 | EPSS 0.00196
Exploits: 0 | References: 2 | Affected Software: 1
Packet Storm
added 2026/01/22 12:00 a.m. | 135 views

Malwarebytes Anti-Malware 2.x Privilege Escalation

This advisory hosts useful analysis of older research from 2016, when Google's Project Zero discovered multiple security issues in MalwareBytes Anti-Malware version 2.x. The software suffered from a combination of security flaws that allowed attackers to remotely tamper with...

AI score 6.1
Exploits: 0
Tenable Nessus
added 2026/01/22 12:00 a.m. | 3 views

Azure Linux 3.0 Security Update: shim-unsigned-aarch64 (CVE-2019-14584)

The version of shim-unsigned-aarch64 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-14584 advisory. - Null pointer dereference in Tianocore EDK2 May allow an authenticated user to potentially...

CVSS 7.8 | AI score 5.6 | EPSS 0.00328
Exploits: 0 | References: 2
OSV
added 2026/01/20 9:16 p.m. | 2 views

UBUNTU-CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

CVSS 7.1 | AI score 7.3 | EPSS 0.00978
Exploits: 0 | References: 3