🚨 CVE-2026-13383
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2.
🎖@cveNotify
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2.
🎖@cveNotify
Watchguard
WatchGuard Firebox ikestubd Out of Bounds Write Vulnerability
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.
🚨 CVE-2026-14940
A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When
normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a
multivalued nested Relative Distinguished Name (RDN), the server can write past the
end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated
remote attacker can trigger this condition by sending an LDAP operation whose DN
reaches the DN normalization routine, such as a search with a crafted base DN. This
can corrupt heap memory and may cause denial of service.
🎖@cveNotify
A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When
normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a
multivalued nested Relative Distinguished Name (RDN), the server can write past the
end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated
remote attacker can trigger this condition by sending an LDAP operation whose DN
reaches the DN normalization routine, such as a search with a crafted base DN. This
can corrupt heap memory and may cause denial of service.
🎖@cveNotify
🚨 CVE-2026-14969
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks.
🎖@cveNotify
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks.
🎖@cveNotify
🚨 CVE-2025-12506
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from the content available for download, due to improper handling of Git reference name resolution.
🎖@cveNotify
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from the content available for download, due to improper handling of Git reference name resolution.
🎖@cveNotify
🚨 CVE-2026-11827
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls.
🎖@cveNotify
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls.
🎖@cveNotify
🚨 CVE-2026-15163
Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service
🎖@cveNotify
Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service
🎖@cveNotify
GitLab
Fuzz job crash: fuzz-2026-05-25-14522946224.pcap (#21275) · Issues · Wireshark Foundation / Wireshark · GitLab
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2026-05-25-14522946224.pcap.gz stderr:
🚨 CVE-2026-15164
Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
🎖@cveNotify
Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
🎖@cveNotify
GitLab
ciscodump extcap: unbounded heap write in remote hex-dump parsers (heap buffer overflow) (#21375) · Issues · Wireshark Foundation…
Summary The ciscodump extcap capture tool parses text hex-dump output returned over an SSH session by a...
🚨 CVE-2026-15165
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
🎖@cveNotify
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
🎖@cveNotify
GitLab
[Security] TLS ECH transcript reconstruction: heap buffer overflow via repeated ech_outer_extensions (#21390) · Issues · Wireshark…
I am writing to report a heap-buffer-overflow (write) in tshark This is a security issue that was found by Anthropic using Claude to find vulnerabilities,...
🚨 CVE-2026-15166
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
🎖@cveNotify
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
🎖@cveNotify
GitLab
[Security] 802.11 EAPOL-Key decryption: stack buffer overflow in Dot11DecryptDecryptKeyData() (#21391) · Issues · Wireshark Foundation…
I am writing to report a stack-buffer-overflow (write) in tshark This is a security issue that was found by Anthropic using Claude to find vulnerabilities,...
🚨 CVE-2026-15167
DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
🎖@cveNotify
DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
🎖@cveNotify
GitLab
Buffer overflow in DBS Etherwatch capture file parser (#21352) · Issues · Wireshark Foundation / Wireshark · GitLab
Summary NGUYEN Huu Trung reported the following to the security mailing list: Hello Wireshark security team,...
🚨 CVE-2026-15169
UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
🎖@cveNotify
UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
🎖@cveNotify
GitLab
[Security] UMTS FP E-DCH Type-2: out-of-bounds write past static `subframes[16]` in `dissect_e_dch_t2_or_common_channel_info()`…
I am writing to report a global-buffer-overflow (write) that is triggerable by way of the Wireshark fuzzing harness tshark) This is a security issue that...
🚨 CVE-2026-44160
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's in_http and in_forward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as body_size_limit and chunk_size_limit, allowing crafted compressed payloads to decompress in memory to an excessive size and cause denial of service through memory exhaustion. This issue is fixed in version 1.19.3.
🎖@cveNotify
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's in_http and in_forward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as body_size_limit and chunk_size_limit, allowing crafted compressed payloads to decompress in memory to an excessive size and cause denial of service through memory exhaustion. This issue is fixed in version 1.19.3.
🎖@cveNotify
GitHub
Backport(v1.19) buffer, in_http: enforce size limits on decompressed … · fluent/fluentd@f5f2b7c
…payloads (#5393)
**Which issue(s) this PR fixes**:
Fixes #
**What this PR does / why we need it**:
This PR introduces a strict upper bound for decompressed payloads.
### Changes
1. Introduced ...
**Which issue(s) this PR fixes**:
Fixes #
**What this PR does / why we need it**:
This PR introduces a strict upper bound for decompressed payloads.
### Changes
1. Introduced ...
🚨 CVE-2026-55849
@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npm_execpath is unset or empty, allowing arbitrary OS command execution with the privileges of the invoking user. This issue is fixed in version 5.0.0.
🎖@cveNotify
@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npm_execpath is unset or empty, allowing arbitrary OS command execution with the privileges of the invoking user. This issue is fixed in version 5.0.0.
🎖@cveNotify
GitHub
fix: eliminate possible shell-injection in `--workspace` argument (#… · CycloneDX/cyclonedx-node-npm@9f64625
…1476)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: fortress <fortress@kali.kali>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: fortress <fortress@kali.kali>
🚨 CVE-2026-54780
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1.
🎖@cveNotify
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1.
🎖@cveNotify
GitHub
Enforce algorithm suite policy on Reference DigestMethod values · CoreWCF/CoreWCF@5874231
WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignatureAsync already calls EnsureAcceptableSignatureKeySize and EnsureAcceptableSignatureAlgorithm against the configured SecurityAlgorithmSuite, b...
🚨 CVE-2026-13462
PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
🎖@cveNotify
PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
🎖@cveNotify
cwe.mitre.org
CWE -
CWE-295: Improper Certificate Validation (4.20)
CWE-295: Improper Certificate Validation (4.20)
Common Weakness Enumeration (CWE) is a list of software weaknesses.
🚨 CVE-2026-59721
Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into sendmail transport options, allowing an admin to execute arbitrary commands as root in the backend container after restart and mail sending. This issue is fixed in version 2026.6.0.
🎖@cveNotify
Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into sendmail transport options, allowing an admin to execute arbitrary commands as root in the backend container after restart and mail sending. This issue is fixed in version 2026.6.0.
🎖@cveNotify
GitHub
fix(backend): reject path/query/fragment in SMTP URL validation (GHSA… · hoppscotch/hoppscotch@73a88c8
…-v7q6-r45w-2c6r) (#6413)
* fix(backend): reject path/query/fragment in SMTP URL validation
* refactor: fix ai feedbacks
* fix(backend): harden SMTP URL validation against parser differentials
* fix(backend): reject path/query/fragment in SMTP URL validation
* refactor: fix ai feedbacks
* fix(backend): harden SMTP URL validation against parser differentials
🚨 CVE-2025-63579
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be obtained. This affects Kyocera Command Center RX TASKalfa 2552ci, TASKalfa 3252ci, TASKalfa 2553ci, TASKalfa 3253ci, TASKalfa 3554ci, TASKalfa 4052ci, TASKalfa 5052ci, TASKalfa 6052ci, TASKalfa 7052ci, TASKalfa 8052ci, TASKalfa 7353ci, TASKalfa 8353ci, TASKalfa 2554ci, TASKalfa 3254ci, TASKalfa 505.
🎖@cveNotify
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be obtained. This affects Kyocera Command Center RX TASKalfa 2552ci, TASKalfa 3252ci, TASKalfa 2553ci, TASKalfa 3253ci, TASKalfa 3554ci, TASKalfa 4052ci, TASKalfa 5052ci, TASKalfa 6052ci, TASKalfa 7052ci, TASKalfa 8052ci, TASKalfa 7353ci, TASKalfa 8353ci, TASKalfa 2554ci, TASKalfa 3254ci, TASKalfa 505.
🎖@cveNotify
GitHub
GitHub - barisbaydur/CVE-2025-63579: Unauthorized access to all user names and passwords entered in the Address Book feature found…
Unauthorized access to all user names and passwords entered in the Address Book feature found in Kyocera printers. - barisbaydur/CVE-2025-63579
🚨 CVE-2026-0279
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.
The security risk posed by this issue is minimized when the management interface and access to the User-ID™ Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW is not affected by this vulnerability.
🎖@cveNotify
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payload.
The security risk posed by this issue is minimized when the management interface and access to the User-ID™ Authentication Portal is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW is not affected by this vulnerability.
🎖@cveNotify
Palo Alto Networks Product Security Assurance
CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal (aka Captive Portal) service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS...
🚨 CVE-2026-0280
An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.
Cloud NGFW and Panorama are not impacted by this vulnerability.
🎖@cveNotify
An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services.
Cloud NGFW and Panorama are not impacted by this vulnerability.
🎖@cveNotify
Palo Alto Networks Product Security Assurance
CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass
An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network tra...
🚨 CVE-2026-0281
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker.
The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
🎖@cveNotify
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker.
The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
🎖@cveNotify
Palo Alto Networks Product Security Assurance
CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. Thi...
🚨 CVE-2026-0282
A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.
The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
🎖@cveNotify
A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory.
The security risk posed by this issue is minimized by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
🎖@cveNotify
Palo Alto Networks Product Security Assurance
CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface
A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory....