CVE-2026-45557

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

Advisory ROSA-SA-2026-3279

software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-16 affected versions tomcat-9.0.37-16 CVE-ID: CVE-2026-24733 BDU-ID: None CVE-Crit: LOW CVE-DESC.: An invalid input validation vulnerability in Apache Tomcat allows a remote attacker to bypass security restrictions by...

EUVD-2026-30938

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

CVE-2026-45557

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

kernel: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime

In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the net device is put...

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the frontend build process when it exits with a non-zero status. An attacker can obtain sensitive environment variables, including credentials, by reviewing build logs or archived build artifacts generated during...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the frontend build process when it exits with a non-zero status. An attacker can obtain sensitive environment variables, including credentials, by reviewing build logs or archived build artifacts generated during...

GHSA-67C5-X5MF-RPPQ MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

CVE-2026-7860

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

CVE-2026-43492

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl Yiming reports an integer underflow in mpireadrawfromsgl when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy...

WordPress Faces of Users plugin <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Faces of Users versions = 0.0.3...

CVE-2026-43492

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl Yiming reports an integer underflow in mpireadrawfromsgl when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy...

EUVD-2026-30878

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl Yiming reports an integer underflow in mpireadrawfromsgl when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy...

CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl Yiming reports an integer underflow in mpireadrawfromsgl when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy...

OPENSUSE-SU-2026:20781-1 Security update for assimp

This update for assimp fixes the following issues - CVE-2025-2151: vulnerability affects the function Assimp: GetNextLine in the library ParsingUtils.h bsc1239220. - CVE-2025-2591: division by zero in code/AssetLib/MDL/MDLLoader.cpp bsc1239920. - CVE-2025-2592: heap-based buffer overflow in Assim...

SUSE-SU-2026:21821-1 Security update for assimp

This update for assimp fixes the following issues - CVE-2025-2151: vulnerability affects the function Assimp: GetNextLine in the library ParsingUtils.h bsc1239220. - CVE-2025-2591: division by zero in code/AssetLib/MDL/MDLLoader.cpp bsc1239920. - CVE-2025-2592: heap-based buffer overflow in Assim...

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

kernel: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime

In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the net device is put...