27985 matches found
SUSE CVE-2026-42043
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range other than 127.0.0.1 to completely bypass the NOPROXY protection. This vulnerability is due t...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
本地提权 CVE-2026-46300 使用方式: CGOENABLED=0 go build -ldflag...
CVE-2026-9516
CVE-2026-9516 affects Cpanel::JSON::XS for Perl prior to 4.41. A UTF-8 BOM prefixed input with a throwing decode filter callback can cause the decoder to skip restoration of the input pointer, leaving the scalar with an offset pointer. When the scalar is freed, the allocator may receive an invali...
MiracleLinux 8 : firefox-140.10.1-1.el8_10.ML.1 (AXSA:2026-744:11)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-744:11 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 CVE-2026-7323 firefox: thunderbird: Information disclosure...
AlmaLinux 8 : .NET 10.0 (ALSA-2026:21295)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21295 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from the...
AlmaLinux 8 : .NET 9.0 (ALSA-2026:21294)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21294 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from the...
PT-2026-45892
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode json advances the input scalar's string pointer past the mark with SvPV set and restores it only on the normal retur...
Oracle Linux 8 : kernel (ELSA-2026-21706)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-21706 advisory. - smb: client: validate the whole DACL before rewriting it in cifsacl Paulo Alcantara RHEL-172815 CVE-2026-31709 - netfilter: xttcpmss: check remainin...
MiracleLinux 8 : kernel-4.18.0-553.126.1.el8_10 (AXSA:2026-751:40)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-751:40 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-681...
MiracleLinux 8 : cockpit-310.8-1.el8_10.ML.1 (AXSA:2026-750:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-750:04 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly...
axios: Axios: NO_PROXY bypass via crafted URL
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses within the 127.0.0.0/8 range, excluding 127.0.0.1, the attacker can completely bypass the...
MiracleLinux 8 : freeipmi-1.6.17-1.el8_10 (AXSA:2026-742:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-742:02 advisory. freeipmi: buffer overflows on response messages via ipmi-oem CVE-2026-33554 Tenable has extracted the preceding description block directly from the MiracleLin...
D-Link D-View 8 v2.0.1.28 - Authentication Bypass
Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 id: CVE-2023-5074 info: name: D-Link D-View 8 v2.0.1.28 - Authentication Bypass author: DhiyaneshDK severity: critical description: | Use of a static key t...
MiracleLinux 8 : libexif-0.6.22-6.el8_10 (AXSA:2026-740:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-740:02 advisory. libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling CVE-2026-40385 libexif: libexif: Denial of...
CVE-2026-42506 affecting package cert-manager for versions less than 1.12.15-8
CVE-2026-42506 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...
CVE-2026-46597 affecting package cert-manager for versions less than 1.12.15-8
CVE-2026-46597 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...
CVE-2026-39829 affecting package cert-manager for versions less than 1.12.15-8
CVE-2026-39829 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...
CVE-2026-39835 affecting package cert-manager for versions less than 1.12.15-8
CVE-2026-39835 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...
CVE-2026-39828 affecting package cert-manager for versions less than 1.12.15-8
CVE-2026-39828 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...
CVE-2026-39830 affecting package cert-manager for versions less than 1.12.15-8
CVE-2026-39830 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...