PT-2026-40614
Date: May 13, 2026
Status: ACTIVE GLOBAL EXPLOITATION / CORE INFRASTRUCTURE SHATTER
Target: Microsoft Message Queuing (MSMQ), all versions through Windows Server 2025
Severity: 9.8 MAXIMUM CRITICAL, Unauthenticated Remote Code Execution
1. Analysis: Why "Queue-Shatter" is Today's Apex Threat
While t...
CVE-2026-1801
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required...
EUVD-2026-1801
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listen_for_csv_export' function. This is due to the plugin not properly verifying that a user is authorized to...
TencentOS Server 4: tcpdump (TSSA-2025:0081)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0081 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2021-1801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update...
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2025-1801)
The remote host is missing an update for the Huawei EulerOS...
Exploit for Improper Input Validation in Microsoft
PoC exploit for CVE-2023-21554, a vulnerability in MSMQ. The tar...
Linux Distros Unpatched Vulnerability : CVE-2023-1801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. CVE-2023-1801 Note that Nessus...
CVE-2025-1801
creationtimestamp | type | source
---|---|---
2025-03-03 17:19:13+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114099640939996740
2025-03-03 17:49:05+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114099758293626776
2025-03-03 18:03:29+00:00 | seen | ...
CVE-2025-1801 Aap-gateway: aap-gateway privilege escalation
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:1954)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1954 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
RHSA-2024:1801
creationtimestamp | type | source
---|---|---
2025-01-24 06:12:32+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2874
2025-01-31 01:12:29+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3545

...
NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2024-0053)
The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities: - A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE WebKit in versions prior to 2.30.5. Processing maliciously...
RHEL 7 : tcpdump (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tcpdump: Buffer overflow in the -F command line argument parser CVE-2018-16301 - tcpdump: Buffer over-rea...
RHEL 9 : unbound (RHSA-2024:1801)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1801 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: bind9: KeyTrap - Extreme CPU...
CVE-2024-1801
In Progress® Telerik® Reporting versions prior to 2024 Q1 18.0.24.130, a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability...
CVE-2024-1801 Progress Telerik Reporting Local Deserialization Vulnerability
In Progress® Telerik® Reporting versions prior to 2024 Q1 18.0.24.130, a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability...
CVE-2024-1801
Progress Software Telerik Reporting ObjectReader deserialization vulnerability (CVE-2024-1801 / CVE-2024-1856) enables remote code execution through untrusted data. Affected: Telerik Reporting versions prior to 2024 Q1 (18.0.24.130). Attack requires user interaction (e.g., visiting a malicious pa...