1731 matches found

EUVD
added 2026/04/30 7:52 p.m. | 1 view

EUVD-2026-26421

CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory, conceivably leading to a denial of service...

CVSS 2.3 | AI score 5.7 | EPSS 0.00061
Exploits: 0 | References: 1

Snyk
added 2026/04/29 4:25 p.m. | 4 views

Resource Injection

Overview: Affected versions of this package are vulnerable to Resource Injection via the logDetailCat function in the Execution Log Handler. An attacker can access unauthorized resources by obtaining a valid logId and sending requests directly to the logDetailCat endpoint. Remediation: Upgrade...

CVSS 6.3 | AI score 5.8 | EPSS 0.00074
Exploits: 0 | References: 2

CNNVD
added 2026/04/28 12:0 a.m. | 5 views

TOTOLINK N300RT Buffer Error Vulnerability

TOTOLINK N300RT is a wireless router from TOTOLINK Corporation that complies with the 802.11n standard. The TOTOLINK N300RT version 3.4.0-B20250430 contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the iscmdstringvalid function of the libapmib.so component,...

CVSS 8.6 | AI score 7.4 | EPSS 0.00101
Exploits: 0 | References: 2

OSV
added 2026/04/27 2:2 p.m. | 3 views

SUSE-SU-2026:21407-1 Security update for mariadb

This update for mariadb fixes the following issue: - Update to v11.8.6 - CVE-2026-32710: heap-based buffer overflow via JSONSCHEMAVALID can lead to crash or remote code execution bsc1260081...

CVSS 9.9 | AI score 6.5 | EPSS 0.00114
Exploits: 1 | References: 3

EUVD
added 2026/04/24 2:42 p.m. | 2 views

EUVD-2026-25493

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and others, by simply clearing...

AI score 5.5 | EPSS 0.00039
Exploits: 0 | References: 3

RedHat Linux
added 2026/04/24 10:14 a.m. | 5 views

libpng: LIBPNG out-of-bounds read in png_image_read_composite

An out-of-bounds read vulnerability has been discovered in libpng. This vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...

CVSS 7.1 | AI score 6.2 | EPSS 0.00137
Exploits: 2 | References: 8

ATTACKERKB
added 2026/04/23 11:52 p.m. | 1 view

CVE-2026-39462

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...

CVSS 9.3 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/04/23 12:0 a.m. | 3 views

PT-2026-34768

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

CVSS 6.3 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 5

UbuntuCve
added 2026/04/23 12:0 a.m. | 2 views

CVE-2026-35058

server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key...

AI score 5.8
Exploits: 0 | References: 3

Cvelist
added 2026/04/22 1:54 p.m. | 27 views

CVE-2026-31511 Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete. This fixes the condition checking so mgmtpendingvalid is executed whenever status != -ECANCELED otherwise calling mgmtpendingfreecmd would kfreecmd withou...

CVSS 7.8 | EPSS 0.00015
Exploits: 0 | References: 5

CNNVD
added 2026/04/22 12:0 a.m. | 6 views

MinIO Authorization Issue Vulnerability

MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO from RELEASE.2023-05-18T00-05-36Z to RELEASE.2026-04-11T03-20-12Z containe...

CVSS 8.8 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/22 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013871)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013871 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, on...

CVSS 7.1 | AI score 6 | EPSS 0.00014
Exploits: 0 | References: 4

NVD
added 2026/04/21 5:16 p.m. | 2 views

CVE-2026-40570

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

CVSS 7.1 | EPSS 0.00047
Exploits: 0 | References: 3

EUVD
added 2026/04/21 3:0 p.m. | 4 views

EUVD-2026-23965

Nginx-UI: Disabled users retain full API access through previously issued bearer tokens...

CVSS 8.6 | AI score 5.8 | EPSS 0.00038
Exploits: 1 | References: 4

CVE
added 2026/04/20 5:30 a.m. | 11 views

CVE-2026-6609

Affected software: liangliangyy DjangoBlog (up to 2.1.0.0). Vulnerable component: oauth/views.py, function form_valid. Root cause: manipulation of the oauthid argument leads to improper authorization. Impact: potential remote exploitation with arbitrary access, as the exploit has been published. ...

CVSS 6.5 | AI score 6.2 | EPSS 0.00043
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/20 12:0 a.m. | 1 view

PT-2026-33715

A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used...

CVSS 6.5 | AI score 5.4 | EPSS 0.00043
Exploits: 0 | References: 5

CNNVD
added 2026/04/18 12:0 a.m. | 6 views

Movary Security Vulnerability

Movary is a film review program developed by Lee Peuker personally. Versions of Movary prior to 0.71.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the routing definitions for the user management endpoint /settings/users did not enforce the use of only...

CVSS 8.8 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/17 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007545)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007545 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/sti: Fix return type of stidvo,hda,hdmiconnectormodevalid With clang's kernel control flow...

CVSS 5.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/16 12:0 a.m. | 2 views

SUSE SLES15 Security Update : mariadb (SUSE-SU-2026:1367-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1367-1 advisory. Update to version 11.8.6. - https://mariadb.com/docs/release-notes/community-server/11.8/11.8.6 -...

CVSS 9.9 | AI score 6.2 | EPSS 0.00114
Exploits: 1 | References: 4

OSV
added 2026/04/15 6:57 p.m. | 4 views

GHSA-43FJ-QP3H-HRH5 Sync-in Server has Username Enumeration via Timing Attack

Summary: The /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. Details: The logic flaw can be located at the below point in source:...

CVSS 6.9 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 4