1740 matches found

Cvelist
added 2026/02/09 10:42 p.m. | 27 views

CVE-2026-25958 Cube privilege escalation via a specially crafted request

Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14...

CVSS 7.7 | EPSS 0.00022
Exploits: 0 | References: 1
NVD
added 2026/02/09 10:16 p.m. | 3 views

CVE-2026-25961

SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker with any valid TLS certificate (e.g., Let's Encrypt) can...

CVSS 7.5 | EPSS 0.00105
Exploits: 4 | References: 1
Positive Technologies
added 2026/02/09 12:00 a.m. | 3 views

PT-2026-7194

Name of the Vulnerable Software and Affected Versions: Cube versions 0.27.19 through 1.5.12; Cube version 1.0.14; Cube version 1.4.2. Description: Cube, a semantic layer for building data applications, is affected by a privilege escalation issue. A specially crafted request, using a valid API token, c...

CVSS 7.7 | AI score 5.4 | EPSS 0.00022
Exploits: 0 | References: 8
CNNVD
added 2026/02/09 12:00 a.m. | 3 views

Cube security vulnerability

Cube is a semantic layer for building data applications developed by Cube OpenSource. There were security vulnerabilities in versions of Cube between 0.27.19 and 1.5.13, as well as in versions before 1.4.2 and 1.0.14. These vulnerabilities stemmed from the possibility of privilege escalation when...

CVSS 7.7 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 1
OSV
added 2026/02/04 5:16 p.m. | 3 views

UBUNTU-CVE-2026-23084

In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list. When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list is set to false, the driver may request the PMAC_ID from the firmware of the network card, and this functio...

CVSS 5.5 | AI score 5.7 | EPSS 0.00023
Exploits: 0 | References: 27
EUVD
added 2026/02/04 4:08 p.m. | 3 views

EUVD-2026-5458

In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list. When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list is set to false, the driver may request the PMAC_ID from the firmware of the network card, and this functio...

AI score 5.2 | EPSS 0.00023
Exploits: 0 | References: 4
Cvelist
added 2026/02/04 4:08 p.m. | 24 views

CVE-2026-23084 be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list

In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list. When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list is set to false, the driver may request the PMAC_ID from the firmware of the network card, and this functio...

EPSS 0.00023
Exploits: 0 | References: 7
Vulnrichment
added 2026/01/30 1:02 p.m. | 3 views

CVE-2026-1498 WatchGuard Firebox LDAP Injection

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...

CVSS 7 | AI score 5.6 | EPSS 0.001
Exploits: 0 | References: 1
CVE
added 2026/01/30 1:02 p.m. | 22 views

CVE-2026-1498

WatchGuard Fireware OS is affected by CVE-2026-1498 via LDAP Injection. A remote unauthenticated attacker can retrieve information from a connected LDAP authentication server through an exposed authentication or management web interface, and may authenticate as an LDAP user if they have that user...

CVSS 7 | AI score 5.9 | EPSS 0.001
Exploits: 0 | References: 1
Snyk
added 2026/01/28 4:33 p.m. | 3 views

Malicious Package

Overview: cassadasdasdasdwad is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2
Snyk
added 2026/01/27 8:12 a.m. | 1 view

Malicious Package

Overview: internallibv828 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2
CVE
added 2026/01/21 5:27 p.m. | 9 views

CVE-2021-47770

OpenPLC v3 is affected by an authenticated remote code execution vulnerability. An attacker with valid credentials can inject malicious code via the hardware configuration interface by uploading a custom hardware layer containing embedded reverse shell code, which then initiates a network connect...

CVSS 8.8 | AI score 6.5 | EPSS 0.00426
Exploits: 0 | References: 4
Github Security Blog
added 2026/01/21 4:13 p.m. | 4 views

sm-crypto Affected by Signature Malleability in SM2-DSA

Summary: A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit: This vulnerability was discovered by: XlabAI Team of Tencent...

CVSS 7.5 | AI score 5.5 | EPSS 0.00011
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2026/01/21 1:02 a.m. | 2 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack via the JSONAuth.Auth function. An unauthenticated attacker can determine valid usernames by measuring the response time of the /api/login endpoint, exploiting the timing discrepancy between valid and invalid username...

CVSS 6.3 | AI score 5.6 | EPSS 0.00237
Exploits: 1 | References: 2
Snyk
added 2026/01/19 12:34 a.m. | 2 views

Malicious Package

Overview: tronweb-tool is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.5
Exploits: 0 | References: 2
Snyk
added 2026/01/16 4:43 p.m. | 1 view

Malicious Package

Overview: wac-react-dom is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
OSV
added 2026/01/16 11:59 a.m. | 2 views

OESA-2026-1098 libsodium security update

Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Security Fixes: libsodium...

CVSS 4.5 | AI score 6.9 | EPSS 0.00005
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/16 12:00 a.m. | 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000638)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000638 advisory. The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu...

CVSS 7.1 | AI score 7.5 | EPSS 0.00059
Exploits: 0 | References: 8
Tenable Nessus
added 2026/01/16 12:00 a.m. | 5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004433)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004433 advisory. fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of...

CVSS 6.1 | AI score 7.1 | EPSS 0.00034
Exploits: 1 | References: 10
Tenable Nessus
added 2026/01/15 12:00 a.m. | 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002720)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002720 advisory. The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu...

CVSS 7.1 | AI score 7.5 | EPSS 0.00059
Exploits: 0 | References: 8