Zoom Workplace 安全漏洞

Zoom Workplace is a desktop application developed by the American company Zoom. Versions of Zoom Workplace prior to 7.0.0 contained a security vulnerability. This vulnerability stemmed from a failure in the protection mechanisms, which could allow authenticated users to access sensitive informati...

PT-2026-40781

007% · CVE-2026-22841 · v200.0.1 → 0.007 The Zero-Day Supply Chain: How Lyrie Caught 7 Backdoors Before Public Disclosure...

PT-2026-40824

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 16.9.0 Description Certain endpoints are susceptible to SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, allowing an attacker to extract sensitive information via...

Palo Alto Networks Prisma Access Agent 信任管理问题漏洞

Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There are vulnerabilities in the Trust Management section of the Palo Alto Networks Prisma Access Agent for Android and Chrome OS. These vulnerabilities stem from improper certifica...

RHEL 9 : freerdp (RHSA-2026:16865)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16865 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

RHEL 9 : freerdp (RHSA-2026:16866)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16866 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

RockyLinux 8 : freerdp (RLSA-2026:16019)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16019 advisory. freerdp: FreeRDP: Denial of service due to use-after-free vulnerability CVE-2026-25952 freerdp: FreeRDP: Denial of Service via double free vulnerability...

RHEL 8 : freerdp (RHSA-2026:16777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16777 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

RHEL 8 : freerdp (RHSA-2026:16814)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16814 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

RockyLinux 10 : freerdp (RLSA-2026:16014)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16014 advisory. freerdp: FreeRDP: Denial of service via heap use-after-free during auto-reconnect CVE-2026-25997 freerdp: FreeRDP: Denial of service due to...

Linux Distros Unpatched Vulnerability : CVE-2026-43323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his...

Linux Distros Unpatched Vulnerability : CVE-2026-8162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a...

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

Posted by Seth Jenkins We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits. The Dolby 0-click vulnerability existed across all of Android, until it was patched in January 2026. Whil...

freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0

A division by zero flaw has been discovered in FreeRDP. This division by zero exists in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign. The...

freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0

A division by zero flaw has been discovered in FreeRDP. This division by zero exists in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign. The...

EUVD-2026-29825

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVE-2026-44305 Lemur: LDAP TLS certificate verification globally disabled enables credential interception

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...

CVE-2026-42196 django-s3file: Relative path traversal

django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...

CVE-2026-44217

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...

CVE-2026-42443

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...