Medium Severity Threats
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
[Open Source] I developed a TLS fingerprint mutator in Rust to evade anti-bot systems (JA3/JA4 scrambling)
An open-source tool named AnonymProxy has been developed in Rust to evade anti-bot systems that use TLS fingerprinting techniques such as JA3 and JA4. It works by intercepting raw TCP ClientHello packets and dynamically mutating the TLS handshake extensions using a Fisher-Yates shuffle, resulting in unique and unpredictable TLS fingerprints per connection. This evasion technique targets platforms like Cloudflare and Akamai that rely on static TLS fingerprinting to block automated traffic. The tool is asynchronous, lightweight, and publicly available on GitHub. No known exploits in the wild or patches are applicable since this is a tool for evasion rather than a vulnerability. The impact is primarily on the effectiveness of anti-bot and automated traffic detection systems relying on TLS fingerprinting. No geographic targeting is indicated.
Reddit Cybersecurity | 05/26/2026, 20:48:38 UTC | Added: 05/26/2026, 21:03:22 UTC

Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update (CVE-2026-40460)
Red Hat issued a security advisory (RHSA-2026:20351) for Red Hat Hardened Images RPMs, including multiple nginx packages, addressing a vulnerability tracked as CVE-2026-40460. The advisory describes this as a bug fix and enhancement update with medium severity related to CWE-290 (Authentication Bypass). No known exploits are reported in the wild. The update is available for various architectures including aarch64 and x86_64. The advisory does not explicitly state a fix but provides updated RPM versions and references for applying the update.
GCVE Database | 05/23/2026, 05:23:30 UTC | Added: 05/26/2026, 20:58:57 UTC

xfrm: state: initialize state_ptrs earlier in xfrm_state_find (CVE-2025-38675)
CVE-2025-38675 is a vulnerability related to the xfrm subsystem in Microsoft and Azure Linux kernel version 3.0, involving the initialization timing of state pointers in the xfrm_state_find function. The vulnerability is categorized under CWE-362, which relates to race conditions. No CVSS score or detailed impact information is provided, and no known exploits are reported in the wild. There is no vendor advisory or patch information available at this time.
GCVE Database | 08/02/2025, 00:00:00 UTC | Added: 05/26/2026, 20:58:55 UTC

scsi: qla2xxx: Completely fix fcport double free (CVE-2026-43414)
CVE-2026-43414 addresses a vulnerability in the qla2xxx driver related to a double free issue with fcport. The provided information is limited and does not include technical details beyond the vulnerability title or a CVSS score. There is no indication of known exploits in the wild or specific impact scenarios. No patch or remediation details are provided, and the vendor advisory content is minimal.
GCVE Database | 05/02/2026, 00:00:00 UTC | Added: 05/26/2026, 20:58:55 UTC

erofs: avoid infinite loops due to corrupted subpage compact indexes (CVE-2025-68251)
CVE-2025-68251 is a vulnerability in the erofs filesystem component affecting Microsoft Azure Linux kernel version 3.0. It involves the risk of infinite loops caused by corrupted subpage compact indexes. No CVSS score or detailed impact information is provided. There is no indication of known exploits in the wild or available patches at this time.
GCVE Database | 12/02/2025, 00:00:00 UTC | Added: 05/26/2026, 20:58:55 UTC

mptcp: fix soft lockup in mptcp_recvmsg() (CVE-2026-43029)
CVE-2026-43029 is a vulnerability related to a soft lockup issue in the mptcp_recvmsg() function affecting Microsoft products including Azure Linux kernel version 3.0. The vulnerability is categorized under CWE-667, which involves improper locking leading to potential system hangs or deadlocks. No CVSS score or detailed impact information is provided. There are no known exploits in the wild, and no patch or remediation details are currently available.
GCVE Database | 05/02/2026, 00:00:00 UTC | Added: 05/26/2026, 20:58:55 UTC

Red Hat Security Advisory: vsftpd security update (CVE-2025-14242)
A denial of service vulnerability exists in the vsftpd FTP daemon used in Red Hat Enterprise Linux 8.8. The issue is caused by an integer overflow during parsing of the ls command parameter, tracked as CVE-2025-14242. Red Hat has issued a security advisory rating this vulnerability as moderate severity and has released updated vsftpd packages to address the issue. No known exploits are reported in the wild. The vulnerability affects multiple Red Hat Enterprise Linux 8.8 variants including AppStream and Update Services for SAP Solutions. Users are advised to apply the provided security update to remediate the vulnerability.
GCVE Database | 03/16/2026, 01:24:16 UTC | Added: 05/26/2026, 20:58:55 UTC

Mattermost: Multiple vulnerabilities allow unspecified attack (CVE-2026-4055)
Multiple unspecified vulnerabilities have been identified in Mattermost versions prior to 11.7.0. Mattermost is a web-based instant messaging service. The vulnerabilities are collectively referenced under CVE-2026-4055, along with CVE-2026-4646 and CVE-2026-4858. No detailed technical specifics or exploitation methods have been provided. There are no known exploits in the wild at this time. Patch or remediation status is not confirmed from the available data. The advisory is published by the Bundesamt für Sicherheit in der Informationstechnik (BSI).
GCVE Database | 04/19/2026, 22:00:00 UTC | Added: 05/26/2026, 20:58:53 UTC

CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1 (CVE-2026-43968)
CVE-2026-43968 is a vulnerability involving carriage return (CR) injection in the SSE encoder component, which enables event splitting via the cow_sse:event/1 function. The affected products include Microsoft software, Azure Linux 3.0, and rabbitmq-server. There is no CVSS score available, and no known exploits in the wild have been reported. No patch or remediation information is currently provided by the vendor advisory. The vulnerability is categorized under CWE-93, indicating improper control of CR and LF characters in input. The impact and exploitation details are limited to the injection and event splitting capability. No geographic targeting is indicated. Given the lack of detailed impact or exploit data, the severity is assessed as medium. Patch status is not confirmed; users should monitor official Microsoft advisories for updates.
GCVE Database | 05/02/2026, 00:00:00 UTC | Added: 05/26/2026, 20:58:50 UTC

GNU Binutils ld libbfd.c bfd_putl64 memory corruption (CVE-2025-1178)
CVE-2025-1178 is a memory corruption vulnerability in the GNU Binutils ld component, specifically in the bfd_putl64 function within libbfd.c. The vulnerability is categorized under CWE-119, indicating a classic memory safety issue. It affects Microsoft products including Azure Linux and CBL Mariner versions 2.0 and 3.0. No CVSS score or detailed impact metrics are provided, and there are no known exploits in the wild at this time. No patch or remediation information is currently available from the vendor advisory or other sources.
GCVE Database | 02/02/2025, 00:00:00 UTC | Added: 05/26/2026, 20:58:50 UTC