CVE-2026-5655

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata CVE-2025-71265 In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indxfind to avoid...

Oracle Linux 8 : dtrace (ELSA-2026-50251)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50251 advisory. - Prevent out-of-buonds memory access during object symbol table construction CVE-2026-35233. Orabug: 39121881 - Prevent divide-by-zero FPE trap if...

Oracle Linux 10 / 9 : dtrace (ELSA-2026-50249)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50249 advisory. - Prevent out-of-buonds memory access during object symbol table construction CVE-2026-35233. Orabug: 39121881 - Prevent divide-by-zero FPE trap ...

Security update for libsodium (moderate)

openSUSE security update: security update for libsodium ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20642-1 Rating: moderate References: bsc1255764 bsc1256070 Cross-References: CVE-2025-15444 CVE-2025-69277 CVSS scores: CVE-2025-15444 SUSE : 6.8...

Security update for openexr (important)

openSUSE security update: security update for openexr ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20652-1 Rating: important References: bsc1262425 bsc1262426 Cross-References: CVE-2026-40244 CVE-2026-40250 CVSS scores: CVE-2026-40244 SUSE : 7.8...

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the preferences.php process. An attacker can trigger unauthorized server-side actions, such as...

Improper Check for Unusual or Exceptional Conditions

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the stopMembership function. An attacker can cause a denial of administrative...

CVE-2026-7400

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

CVE-2026-41499 Wazuh: Multiple Heap-based NULL WRITE Buffer Underflows in parse_uname_string()

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parseunamestring remotedop.c. This function processes OS identification data from agents and...

EUVD-2026-26273

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function checksensitivepath of the file tools/filetools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for...

CVE-2026-6914

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

CVE-2026-6914

CVE-2026-6914 : The vulnerability arises from computing the MD5 checksum of a malformed BSON object, potentially causing loss of availability on MongoDB Server. Affected are all MongoDB Server v8.2, all v8.1, v8.0 prior to 8.0.21, and v7.0 prior to 7.0.32. The provided documents do not specify ex...

MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

CVE-2026-7390 SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

Modern Defensible Architecture: Resilience for the Australian Federal Government

How Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility...

Claude Mythos Has Found 271 Zero-Days in Firefox

That's a lot. No, it's an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, whi...

CVE-2026-35378

A flaw was found in the expr utility of uutils coreutils. A logic error in how the utility evaluates parenthesized subexpressions prevents proper short-circuiting for logical OR and AND operations. This can lead to arithmetic errors, such as division by zero, in parts of expressions that should b...

CLSA-2026-1777453307 ntp: Fix of 2 CVEs

CVE-2018-7185: unauthenticated packet with a zero-origin timestamp can reset an authenticated interleave association leading to denial of service. - CVE-2019-8936: NULL pointer dereference triggered by an authenticated mode 6 control packet with no value field...

CLSA-2026-1777444367 vim: Fix of 9 CVEs

CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in exopen so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...