GHSA-4V58-8P28-2RQ3 awslabs/tough is Missing Delegated Metadata Validation

Summary Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...

Astra Linux - уязвимость в unoconv

The unoconv package before version 0.9 mishandles untrusted pathnames, resulting in SSRF and local file inclusions...

CVE-2026-7508 Bootstrap CMS Page Creation show.blade.php code injection

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...

tomcat: security constraint bypass with HTTP/0.9

A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...

OESA-2026-1986 avahi security update

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...

OESA-2026-1854 avahi security update

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...

Linux Distros Unpatched Vulnerability : CVE-2026-34933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local us...

CVE-2026-34933

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

EUVD-2026-18910

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

PT-2026-30270

Name of the Vulnerable Software and Affected Versions Avahi versions prior to 0.9-rc4 Description Avahi, a system for local network service discovery using mDNS/DNS-SD, is susceptible to a denial-of-service condition. An unprivileged local user can terminate the avahi-daemon process by sending a...

CLEANSTART-2026-FN44356 Security fixes for CVE-2022-29526, CVE-2025-47907, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.10-r0, 0.11-r0, 0.9-r0, 0.9-r1, 0.9-r2

Multiple security vulnerabilities affect the druid-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

OESA-2026-1651 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Improper Input Validation...

SUSE-SU-2026:0932-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...

SUSE-SU-2026:0922-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385...

Unity Linux 20.1070e Security Update: avahi (UTSA-2026-006159)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006159 advisory. Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can...

Apache Livy: Unauthorized directory access

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

Apache Tomcat 11.0.0.M1 < 11.0.15 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.15. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.15security-11 advisory. - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through...

CVE-2026-24733

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...