Nikto Web Scanner 2.6.0

Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including thousands of potentially dangerous files/programs, checks for outdated versions of over 1500 server components, and version specific problems on hundreds of servers...

PT-2026-21972

Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.1.18 @langchain/community versions prior to 1.1.18 Description A redirect-based Server-Side Request Forgery SSRF bypass exists in the RecursiveUrlLoader within the @langchain/community package. The loader initiall...

Fedora 45 : selenium-manager (2026-a92ff0085d)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a92ff0085d advisory. Automatic update for selenium-manager-4.34.0-6.fc45. Changelog Tue Feb 10 2026 tjuhasz - 4.34.0-6 - Rebuild for CVE-2026-25727 rhbz2438154 Tenable has...

Vulnerability Found in InsightVM & Nexpose: CVE-2026-1814 (FIXED)

We are grateful to the research team at Atredis for sharing their findings around a vulnerability CVE-2026-1814 impacting our vulnerability management offerings InsightVM and Nexpose. We have identified a fix that addresses this vulnerability and will be delivered via a Security Console product...

GHSA-MHG7-666J-CQG4 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...

GHSA-X9P2-77V6-6VHF FrankenPHP has delayed propagation of security fixes in upstream base images

Delayed propagation of security fixes in upstream base images Summary Vulnerability in base Docker images PHP, Go, and Alpine not automatically propagating to FrankenPHP images. FrankenPHP's container images were previously built only when specific version tags were updated or when manual trigger...

FacturaScripts 安全漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.81 contained security vulnerabilities. These vulnerabilities stemmed from the automatic completion feature, where user-provided parameters were directly...

Fedora 44 : vultr-cli (2026-ce174cdc78)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ce174cdc78 advisory. Automatic update for vultr-cli-3.8.0-1.fc44. Changelog Wed Feb 4 2026 Major Hayden - 3.8.0-1 - Update to 3.8.0 - Fixes CVE-2025-11065: go-viper/mapstructure...

GHSA-VHW5-3G5M-8GGF Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org, modelcontextprotocol.io, this could have enabled attackers to register domains like...

CVE-2026-25253

OpenClaw/OpenClaw (clawdbot/Moltbot) vulnerability CVE-2026-25253 arises from the Control UI reading gatewayUrl from the URL query and auto-opening a WebSocket to the attacker’s endpoint with the stored token, enabling token exfiltration and potential full gateway compromise. Root cause: applySet...

Exploit for Argument Injection in Gnu Inetutils

Tell Me Root Batch Scanning Tool for the CVE-2026-24061 Telne...

NETGEAR’s various products have security vulnerabilities

NETGEAR R6260 is a product of the American company NETGEAR. The NETGEAR R6260 is a router. The NETGEAR R6230 is also a router. Netgear R7000 is another product of NETGEAR. The Netgear R7000 is a wireless router. Several NETGEAR products have security vulnerabilities. These vulnerabilities stem fr...

CVE-2025-59100

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

A WhatsApp bug lets malicious media files spread through group chats

WhatsApp is going through a rough patch. Some users would argue it has been ever since Meta acquired the once widely trusted messaging platform. User sentiment has shifted from “trusted default messenger” to a grudgingly necessary Meta product. Privacy-aware users still see WhatsApp as one of the...

Delinea Secret Server On-Prem Security Vulnerability

Delinea Secret Server On-Prem is a privileged access management platform provided by the American company Delinea. Versions 11.8.1, 11.9.6, and 11.9.25 of Delinea Secret Server On-Prem contain security vulnerabilities. These vulnerabilities stem from improper authentication procedures, which may...

CVE-2025-59100

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

CVE-2026-24535

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

CVE-2026-24535

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

CVE-2026-24535

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

CVE-2026-24535 WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...