Linux Distros Unpatched Vulnerability : CVE-2026-6985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component...

Linux Distros Unpatched Vulnerability : CVE-2026-6986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the...

GHSA-RPFR-X88X-XWCW Pelican Web UI Affected by a Privilege Escalation Attack

Background On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface WebUI for various versions between v7.21 and v7.24. Upon further investigation, the Pelican team discovered this attack allows any...

DEBIAN-CVE-2026-6986

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...

CVE-2026-6986

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...

CVE-2026-6986

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...

DEBIAN-CVE-2026-5246

A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature...

CVE-2026-5244

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

PT-2026-29692

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg tls recv cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has bee...

CVE-2025-12766 Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc.

An Insecure Direct Object Reference IDOR vulnerability in the Management Console of BlackBerry® AtHoc® OnPrem version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System IWS...

MikroTik RouterOS 7.x Buffer Overflow Vulnerability

MikroTik RouterOS is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:mikrotik:routeros"...

EUVD-2023-40437

Malicious code in bioql PyPI...

ILIAS < 6.24, 7.x < 7.21, 8.x < 8.2 Password Reset Vulnerability

ILIAS is prone to a password reset vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ilias:ilias"; if description...

CVE-2023-36484

ILIAS 7.21 and 8.0beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting XSS...

CVE-2023-36484

ILIAS 7.21 and 8.0beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting XSS...

CVE-2023-36484

ILIAS 7.21 and 8.0_beta1 through 8.2 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Evidence across CVE-2023-36484 entries (Red Hat, NVD, OSV, CNNVD, PT-Security) confirms the impacted versions and the XSS class, with a CVSSv3.1 base score of 6.1 (Network attack, User Inter...

CVE-2023-36484

ILIAS 7.21 and 8.0beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting XSS...

SUSE CVE-2018-2813

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVE-2023-24523

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent Start Service - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS...

SAP Host Agent Access Control Error Vulnerability

SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An Access Control Error vulnerability exists in SAP Host Agent versions 7.21 and 7.22, which arises from...