CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

ADB formerly Pirelli Broadband Solutions P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service device restart as demonstrated by a direct request to 1...

CVE-2026-8993 Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...

CVE-2026-29181 affecting package etcd for versions less than 3.5.30-2

CVE-2026-29181 affecting package etcd for versions less than 3.5.30-2. A patched version of the package is available...

CVE-2026-39821 affecting package etcd for versions less than 3.5.30-2

CVE-2026-39821 affecting package etcd for versions less than 3.5.30-2. A patched version of the package is available...

CVE-2026-44283 affecting package etcd for versions less than 3.5.30-2

CVE-2026-44283 affecting package etcd for versions less than 3.5.30-2. An upgraded version of the package is available that resolves this issue...

CVE-2026-33814 affecting package etcd for versions less than 3.5.30-2

CVE-2026-33814 affecting package etcd for versions less than 3.5.30-2. A patched version of the package is available...

openSUSE 16 Security Update : libsoup (openSUSE-SU-2026:20845-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20845-1 advisory. This update for libsoup fixes the following issue - CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections...

DEBIAN-CVE-2025-60486

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

network-pentest-metasploitable2

Network / System Penetration Test — Metasploitable 2 !Type...

CVE-2025-60486

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

PT-2026-45418

A heap use-after-free in the dasher process function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

Security update for libsoup (important)

openSUSE security update: security update for libsoup ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20845-1 Rating: important References: bsc1259767 Cross-References: CVE-2026-4271 CVSS scores: CVE-2026-4271 SUSE : 8.6...

CVE-2026-10173 Orthanc Explorer 2 URL StudyList.vue cross site scripting

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

CVE-2026-39821 affecting package azurelinux-image-tools for versions less than 1.3.0-2

CVE-2026-39821 affecting package azurelinux-image-tools for versions less than 1.3.0-2. A patched version of the package is available...

OPENSUSE-SU-2026:20845-1 Security update for libsoup

This update for libsoup fixes the following issue - CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections during callback execution bsc1259767...

CVE-2026-45043

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user minioadmin. The endpoint...

CVE-2026-44237 FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

EUVD-2026-33282

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...