Briefs

CVE-2025-14510 allows an attacker to bypass Azure Active Directory Single-Sign On authentication in vulnerable ABB Ability OPTIMAX versions, potentially granting unauthorized access to critical infrastructure systems.

Multiple vulnerabilities in ABB Ability Symphony Plus Engineering, stemming from underlying PostgreSQL flaws, could allow a remote attacker with network access to execute arbitrary code and compromise the system.

Multiple vulnerabilities in ABB AWIN Gateways allow an unauthenticated attacker to remotely reboot the device (CVE-2025-13778) or disclose sensitive system configuration details (CVE-2025-13777, CVE-2025-13779).

An authentication bypass vulnerability in ABB Edgenius Management Portal versions 3.2.0.0 and 3.2.1.1 allows attackers to execute arbitrary code and modify application configurations by sending a specially crafted message to the system node.

A local attacker can exploit an unpatched vulnerability in Microsoft Windows RPC to escalate privileges.

Multiple vulnerabilities in FreeBSD OS could allow an attacker to gain elevated privileges, execute arbitrary code, manipulate data, disclose sensitive information, or cause a denial of service.

Multiple vulnerabilities in Absolute Secure Access could allow an attacker to escalate privileges, conduct a denial-of-service attack, and disclose sensitive information.

Multiple vulnerabilities in Acronis Cyber Protect Cloud Agent can be exploited by a local or remote, authenticated attacker to escalate privileges.

Multiple vulnerabilities in SonicWall SonicOS allow a remote attacker to escalate privileges, bypass security measures, or cause a denial-of-service condition.

A remote, anonymous attacker can exploit multiple vulnerabilities in Fast Datapath for Red Hat Enterprise Linux to perform a denial-of-service attack or disclose sensitive information.

A remote, unauthenticated attacker can exploit an unpatched vulnerability in libsndfile to cause a denial of service.

A local attacker can exploit a vulnerability in CUPS to execute arbitrary program code with administrator privileges on Linux and macOS systems.

Multiple vulnerabilities in CUPS allow an attacker to bypass security measures, execute arbitrary code, escalate privileges, manipulate data, or cause a denial-of-service condition.

Multiple vulnerabilities in sudo allow a local attacker to bypass security precautions and escalate privileges to root.

A remote, anonymous attacker can exploit multiple unspecified vulnerabilities in GIMP to achieve arbitrary code execution on a vulnerable system.

Multiple vulnerabilities in Google Chrome could allow an attacker to execute arbitrary code, bypass security mechanisms, disclose and manipulate data, and cause a denial-of-service condition.

A local attacker can exploit a vulnerability in PackageKit to escalate their privileges on a Linux system.

Multiple vulnerabilities exist in Xen and Citrix Systems XenServer that could allow an attacker to escalate privileges, bypass security measures, modify and disclose data, or cause a denial-of-service condition.

Multiple vulnerabilities in DNSdist can be exploited by an attacker to perform a denial of service attack, impacting the availability of DNS services.

Multiple vulnerabilities in Wazuh allow an attacker to perform a denial of service attack, execute arbitrary code, manipulate data, disclose confidential information, or bypass security measures.

CVE-2026-34978 is a path traversal vulnerability in OpenPrinting CUPS that allows writing files outside the CacheDir/rss directory, potentially overwriting the job.cache file.

CVE-2026-28388 is a NULL Pointer Dereference vulnerability in an unspecified Microsoft product when processing a Delta CRL, potentially leading to a denial-of-service condition.

CVE-2026-32283 is a vulnerability in crypto/tls that allows unauthenticated TLS 1.3 KeyUpdate records, leading to persistent connection retention and a denial-of-service condition.

CVE-2026-5778 is an integer underflow vulnerability in the ChaCha decrypt path of an unspecified Microsoft product, leading to an out-of-bounds access issue.

CVE-2026-1005 is an integer underflow vulnerability in a Microsoft product that leads to out-of-bounds memory access during AES-GCM/CCM/ARIA-GCM decryption processes, potentially allowing for code execution or information disclosure.

CVE-2026-34073 is a vulnerability in unspecified Microsoft products due to incomplete DNS name constraint enforcement on peer names, potentially leading to certificate validation bypass.

Microsoft published information regarding vulnerability CVE-2026-32778, but no details regarding the vulnerability are available at this time.

Microsoft published information regarding CVE-2026-32776, however, further details require JavaScript to be enabled, limiting the actionable intelligence at this time.

Microsoft has published information regarding CVE-2026-32777, but no further details regarding the vulnerability or its exploitation are currently available.

A remote stack-based buffer overflow vulnerability exists in the Tenda 4G300 router, version US_4G300V1.0Mt_V1.01.42_CN_TDC01, allowing an attacker to potentially execute arbitrary code by manipulating the 'page' argument to the sub_427C3C function in the /goform/SafeMacFilter file.