Monthly
CVE-2026-3856 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).
Download Manager (WordPress plugin) versions up to 3.3.40. contains a security vulnerability (CVSS 7.3).
Eopkg package manager versions before 4.4.0 fail to track files included in malicious packages, allowing undetected file installation when users install from compromised sources. An attacker can distribute packages containing hidden files that evade detection by package management tools like lseopkg. Users installing exclusively from official Solus repositories are unaffected.
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.
CVE-2026-3856 is a security vulnerability (CVSS 5.3) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).
Download Manager (WordPress plugin) versions up to 3.3.40. contains a security vulnerability (CVSS 7.3).
Eopkg package manager versions before 4.4.0 fail to track files included in malicious packages, allowing undetected file installation when users install from compromised sources. An attacker can distribute packages containing hidden files that evade detection by package management tools like lseopkg. Users installing exclusively from official Solus repositories are unaffected.
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.