DEBIAN-CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

BELL-CVE-2026-29167

Bulletin has no description...

UBUNTU-CVE-2026-50593

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range...

BELL-CVE-2026-46211

Bulletin has no description...

BELL-CVE-2026-45863

Bulletin has no description...

DEBIAN-CVE-2026-42000

Insufficient Validation of Names During AXFR...

DEBIAN-CVE-2026-8962

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

BELL-CVE-2026-32175

Bulletin has no description...

BELL-CVE-2026-43453

Bulletin has no description...

BELL-CVE-2026-31651

Bulletin has no description...

DEBIAN-CVE-2026-5402

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution...

UBUNTU-CVE-2026-6755

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

BELL-CVE-2026-27820

Bulletin has no description...

DEBIAN-CVE-2026-32610

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...

BELL-CVE-2026-32776

Bulletin has no description...

CVE-2026-28391

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests non-default configuration, allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...%...

DEBIAN-CVE-2025-71125

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer which triggers:...

CVE-2020-7820

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC...

DEBIAN-CVE-2022-50813

In the Linux kernel, the following vulnerability has been resolved: drivers: mcb: fix resource leak in mcbprobe When probe hook function failed in mcbprobe, it doesn't put the device. Compiled test only...

BELL-CVE-2025-68213

Bulletin has no description...