FrankenPHP 输入验证错误漏洞

FrankenPHP is an open-source PHP application server developed by phpnet. In versions 1.11.2 to 1.2.3 of FrankenPHP, there was a vulnerability related to input validation errors. This vulnerability stemmed from the incorrect use of the splitPos function in cgi.go when the request path contained...

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from HAProxy saving unvalidated and unescaped JSON field values direct...

Palo Alto Networks Prisma Access Agent 安全漏洞

Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There is a security vulnerability in the Palo Alto Networks Prisma Access Agent for Linux, which stems from an issue related to privilege escalation. This vulnerability may allow...

PT-2026-48491

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.4 Splunk Enterprise versions prior to 10.0.7 Splunk Enterprise versions prior to 9.4.12 Splunk Enterprise versions prior to 9.3.13 Splunk Cloud Platform versions prior to 10.3.2512.12 Splunk Cloud...

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of inclusion of CAPSYSTIME in the capability checks during PodSpec security validation. As a result, tenan...

PT-2026-48501

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 1.0.4 UniFi OS Server affected versions not specified Description picklescan fails to block pkgutil.resolve name, which allows attackers to bypass the blocklist by resolving dangerous functions through indirect...

Debian dsa-6332 : libokular5core10 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6332 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6332-1 [email protected] https://www.debian.org/security/...

TrueConf Windows Client < 8.5.3.884 Download of Code Without Integrity Check Vulnerability (CVE-2026-3502)

The version of TrueConf Windows Client installed on the remote host is prior to 8.5.3.884. It is, therefore, affected by a vulnerability: — A remote code execution vulnerability exists in the TrueConf Client update mechanism due to lack of cryptographic verification of update packages. An...

Linux Distros Unpatched Vulnerability : CVE-2026-7383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact...

RHEL 9 : samba (RHSA-2026:25049)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25049 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0601)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0601 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12,...

RHEL 8 : flatpak (RHSA-2026:25068)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25068 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.07 had a code injection vulnerability. This vulnerability stemmed from improper co...

EulerOS 2.0 SP13 : libtiff (EulerOS-SA-2026-2300)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile...

EulerOS 2.0 SP13 : libtiff (EulerOS-SA-2026-2343)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile...

Linux Distros Unpatched Vulnerability : CVE-2026-45447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A...

PT-2026-48382

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

Broadcom Layer7 API Gateway 代码问题漏洞

Broadcom Layer7 API Gateway is an enterprise-level API gateway platform provided by Broadcom Corporation. There are code-related vulnerabilities in the Broadcom Layer7 API Gateway. These vulnerabilities originate from the interaction between client applications and the API gateway server...

Deserialization of Untrusted Data

Overview org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization of pagination-related data in Spring GraphQL. An attacker can achieve remote code execution by...

VulnCheck KEV: CVE-2026-10795

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...