CNNVD
added 2026/05/11 12:00 a.m., 7 views

s3-proxy Path Traversal Vulnerability

s3-proxy is a multi-functional S3 bucket proxy tool developed by Havrileck Alexandre. Versions of s3-proxy prior to 5.0.0 contained a path traversal vulnerability. This vulnerability stemmed from inconsistent URL path interpretations between the authentication middleware and the bucket processor,...

CVSS 9.4, AI score 5.8, EPSS 0.00554
Exploits 0, References 2
CNNVD
added 2026/05/11 12:00 a.m., 8 views

WSO2 Identity Server Access Control Error Vulnerability

WSO2 Identity Server is an identity authentication server developed by the American company WSO2. WSO2 Identity Server has an access control vulnerability that arises from the lack of verification of organizational context during the execution of adaptive authentication processes. This vulnerabili...

CVSS 7.2, AI score 6, EPSS 0.00366
Exploits 0, References 1
Tenable Nessus
added 2026/05/11 12:00 a.m., 12 views

Unity Linux 20.1060e / 20.1070e Security Update: openvpn (UTSA-2026-017649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017649 advisory. OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred...

CVSS 7.5, AI score 6.8, EPSS 0.05107
Exploits 0, References 4
Positive Technologies
added 2026/05/11 12:00 a.m., 11 views

PT-2026-39592

Name of the Vulnerable Software and Affected Versions: the product name cannot be determined; affected versions not specified. Description: The Magic Link authentication flow lacks adequate rate limiting or resource control, allowing it to accept multiple invalid authentication requests. This leads t...

CVSS 8.6, AI score 5.8, EPSS 0.00317
Exploits 0, References 9
Positive Technologies
added 2026/05/11 12:00 a.m., 10 views

PT-2026-39679

Name of the Vulnerable Software and Affected Versions: Dozzle versions prior to 10.5.2. Description: The WebSocket upgrader for the '/exec' and '/attach' endpoints accepts upgrade requests from any origin because it uses a custom CheckOrigin function that always returns true. When combined with the...

CVSS 9.6, AI score 5.8, EPSS 0.00195
Exploits 1, References 9
Positive Technologies
added 2026/05/11 12:00 a.m., 11 views

PT-2026-39703

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to...

CVSS 7.5, AI score 6.8, EPSS 0.00636
Exploits 1, References 10
Positive Technologies
added 2026/05/11 12:00 a.m., 15 views

PT-2026-39642

In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVSS 7.5, AI score 5.8, EPSS 0.00293
Exploits 0, References 3
Positive Technologies
added 2026/05/11 12:00 a.m., 15 views

PT-2026-39729

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin...

CVSS 8.8, AI score 5.8, EPSS 0.00382
Exploits 0, References 5
Positive Technologies
added 2026/05/11 12:00 a.m., 12 views

PT-2026-39630

Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4. pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.init_app and is reachable on every server, never...

CVSS 6.9, AI score 5.8, EPSS 0.00211
Exploits 0, References 2
Positive Technologies
added 2026/05/11 12:00 a.m., 14 views

PT-2026-39581

Name of the Vulnerable Software and Affected Versions: the product name cannot be determined; affected versions not specified. Description: A lack of user account state validation during authentication allows locked user accounts to be successfully accessed using Magic Link or Pass Key methods. This...

CVSS 7.3, AI score 5.8, EPSS 0.0023
Exploits 0, References 7
Tenable Nessus
added 2026/05/11 12:00 a.m., 7 views

Unity Linux 20.1070e Security Update: postgresql (UTSA-2026-017752)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017752 advisory. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject...

CVSS 8.1, AI score 7, EPSS 0.01901
Exploits 0, References 4
Tenable Nessus
added 2026/05/11 12:00 a.m., 7 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-actionpack (UTSA-2026-017610)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017610 advisory. The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action...

CVSS 7.5, AI score 6.8, EPSS 0.04808
Exploits 1, References 4
Tenable Nessus
added 2026/05/11 12:00 a.m., 8 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017775)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017775 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.2...

CVSS 6.5, AI score 5.8, EPSS 0.01562
Exploits 0, References 4
Tenable Nessus
added 2026/05/11 12:00 a.m., 8 views

Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017519)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017519 advisory. A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection...

CVSS 6.5, AI score 6.9, EPSS 0.09886
Exploits 0, References 4
Positive Technologies
added 2026/05/11 12:00 a.m., 15 views

PT-2026-39717

Name of the Vulnerable Software and Affected Versions: Bitwarden Server versions prior to 2026.4.1. Description: An issue exists where master-password re-authentication is not required when retrieving or rotating an organization's SCIM API key. This allows an authenticated user with SCIM management...

CVSS 8.6, AI score 5.8, EPSS 0.00504
Exploits 1, References 10
Tenable Nessus
added 2026/05/11 12:00 a.m., 6 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017776)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017776 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.2...

CVSS 6.8, AI score 6.7, EPSS 0.0178
Exploits 0, References 4
Tenable Nessus
added 2026/05/11 12:00 a.m., 6 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017774)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017774 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 8.0.21 and prior. Easily...

CVSS 8, AI score 6.9, EPSS 0.01184
Exploits 0, References 4
Tenable Nessus
added 2026/05/11 12:00 a.m., 6 views

RHEL 9 : nginx (RHSA-2026:15942)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:15942 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

CVSS 8.8, AI score 7.7, EPSS 0.07865
Exploits 0, References 10
Tenable Nessus
added 2026/05/11 12:00 a.m., 11 views

RHEL 9 : nginx:1.24 (RHSA-2026:15943)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:15943 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

CVSS 8.8, AI score 6.3, EPSS 0.07865
Exploits 0, References 10
Tenable Nessus
added 2026/05/11 12:00 a.m., 6 views

RHEL 9 : nginx:1.24 (RHSA-2026:15945)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:15945 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

CVSS 8.8, AI score 6.3, EPSS 0.07865
Exploits 0, References 10