🟠 CVE-2026-0943 - High (7.5)

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability. 

Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0943/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-21983 - High (7.5)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrast...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21983/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-21955 - High (8.2)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21955/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-0906 - Critical (9.8)

Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0906/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-33015 - High (8.8)

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-33015/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-29847 - High (7.5)

A vulnerability in Apache Linkis.

Problem Description
When using the JDBC engine and da
When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it ma...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-29847/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-12985 - High (8.4)

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12985/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2025-56005 - Critical (9.8)

An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()`...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-56005/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-59465 - High (7.5)

A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial o...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59465/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-21956 - High (8.2)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastru...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21956/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack