News & Security
Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.
10341 results
CVE ID: CVE-2026-23403 Published: April 1, 2026, 9:16 a.m. | 2 hours, 38 minutes ago Description: In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header The function sets `*ns = NULL` on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checking since *ns is always NULL when the comparison is made. Remove the incorrect assignment. The caller (aa_unpack) initializes *ns to NULL once before the loop, which is sufficient. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID: CVE-2026-23404 Published: April 1, 2026, 9:16 a.m. | 2 hours, 38 minutes ago Description: In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for ((i=0; i /sys/kernel/security/apparmor/.remove Replace the recursive __aa_profile_list_release() approach with an iterative approach in __remove_profile(). The function repeatedly finds and removes leaf profiles until the entire subtree is removed, maintaining the same removal semantic without recursion. Severity: 0.0 | NA
CVE ID: CVE-2026-21630 Published: April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description: Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. Severity: 6.9 | MEDIUM
CVE ID: CVE-2026-23898 Published: April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description: Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. Severity: 8.6 | HIGH
CVE ID: CVE-2026-21629 Published: April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description: The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. Severity: 6.3 | MEDIUM
CVE ID: CVE-2026-23899 Published: April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description: An improper access check allows unauthorized access to webservice endpoints. Severity: 8.6 | HIGH
CVE ID: CVE-2026-21631 Published: April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description: Lack of output escaping leads to a XSS vector in the multilingual associations component. Severity: 5.9 | MEDIUM
CVE ID: CVE-2026-21632 Published: April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description: Lack of output escaping for article titles leads to XSS vectors in various locations. Severity: 5.9 | MEDIUM
NVIDIA Patches High-Severity “Insecure Deserialization” Flaws in BioNeMo Framework
NVIDIA has issued an important security update for its BioNeMo Framework, a critical tool used by researchers and developers in the generative AI and drug discovery space. The update addresses two hig ...
Published Date: Apr 01, 2026 (1 day, 1 hour ago)
Vulnerabilities mentioned in this article: CVE-2026-5281 CVE-2026-24165 CVE-2026-24164 CVE-2026-3502 CVE-2026-33032 CVE-2025-33244 CVE-2026-21962 CVE-2024-0143
CVE ID: CVE-2026-27101 Published: April 1, 2026, 8:16 a.m. | 1 hour, 38 minutes ago Description: Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution. Severity: 4.7 | MEDIUM
CVE ID: CVE-2026-28265 Published: April 1, 2026, 8:16 a.m. | 1 hour, 38 minutes ago Description: PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. Severity: 4.4 | MEDIUM
CVE ID: CVE-2026-5259 Published: April 1, 2026, 8:16 a.m. | 1 hour, 38 minutes ago Description: A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Severity: 6.5 | MEDIUM