OESA-2026-2390 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen...,...

Astra Linux - уязвимость в ansible

A security flaw was discovered in Ansible Engine. This flaw occurs in Ansible 2.7.x versions prior to 2.7.17, Ansible 2.8.x versions prior to 2.8.11, and Ansible 2.9.x versions prior to 2.9.7 when managing Kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are pass...

EUVD-2026-22191

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

Arbitrary Code Injection

Overview lupa is a Python wrapper around Lua and LuaJIT Affected versions of this package are vulnerable to Arbitrary Code Injection incomplete enforcement of the attributefilter in the getattr and setattr built-in functions. An attacker can execute arbitrary commands in the host environment by...

CVE-2026-32702

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by...

EUVD-2018-21624

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...

CVE-2018-25169 AMPPS 2.7 Denial of Service via Malformed Socket Connection

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...

CVE-2018-25169 AMPPS 2.7 Denial of Service via Malformed Socket Connection

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...

CVE-2025-70997

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level...

Linux Distros Unpatched Vulnerability : CVE-2026-24061

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a -f root value for the USER environment variable. CVE-2026-24061 Note that Nessus...

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

CVE-2026-24823

Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in FASTSHIFT X-TRACK Software/X-Track/USER/App/Utils/lvimgpng/PNGdec/src modules. This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7...

Exploit for CVE-2026-24061

CVE-2026-24061 GNU Inetutils telnetd Remote Authentication...

CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...

MiracleLinux 8 : python27:2.7 (AXSA:2023-6214:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6214:01 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : ruby:2.7 (AXSA:2021-2391:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2391:01 advisory. ruby: Potential HTTP request smuggling in WEBrick CVE-2020-25613 ruby: XML round-trip vulnerability in REXML CVE-2021-28965 Tenable has extracted th...

MiracleLinux 8 : ruby:2.7 (AXSA:2022-3845:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3845:01 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 ruby: Cookie prefix spoofing in CGI::Cookie.parse...

MiracleLinux 4 : python27-python-2.7.16-6.0.1.AXS4 (AXSA:2019-3987:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3987:01 advisory. python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc CVE-2019-10160 python: undocumented localfile protocol...

CVE-2023-43610

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...

CVE-2016-10990

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header...