38489 matches found
CVE-2026-38993
CVE-2026-38993 affects Cockpit 2.13.5 and earlier, where the Buckets component is vulnerable to directory traversal. Authenticated users can write files to arbitrary locations in the uploads directory or overwrite assets with malicious versions. The issue is described across multiple sources ...
PT-2026-35978
Name of the Vulnerable Software and Affected Versions: SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0. Description: A cross-site scripting issue exists in the Registration component. A remote attacker can execute this by manipulating the student id, full name,...
PT-2026-35934
Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code...
CVE-2026-38993
Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions...
Cockpit Path Traversal Vulnerability
Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.5 and earlier had a path traversal vulnerability, which was caused by directory traversal in the Buckets component. This vulnerability could lead to arbitrary file writing...
CVE-2026-38991
Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code...
FreeBSD : Mozilla -- Mitigation bypass (2510f10a-4307-11f1-a627-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2510f10a-4307-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2016915 reports: Mitigation bypass in the DOM: Security...
ROS-20260429-73-0001
A vulnerability in the begfield function of the GNU Core Utilities GNU Coreutils sort component is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to disclose protected information and cause a denial of service...
FreeBSD : Mozilla -- Incorrect boundary conditions (48003ad3-430a-11f1-a627-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 48003ad3-430a-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2021770 reports: Incorrect boundary conditions in the WebRT...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: binutils (UTSA-2026-015454)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015454 advisory. A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the...
FreeBSD : firefox -- Information disclosure (53ff336e-4394-11f1-a190-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 53ff336e-4394-11f1-a190-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2027433 reports: Information disclosure due to incorrect...
Unity Linux 20.1070e Security Update: binutils (UTSA-2026-015476)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015476 advisory. A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elfgcsweep of the file bfd/elflink.c of t...
FreeBSD : Mozilla -- Incorrect boundary conditions (7ff13e75-4305-11f1-a627-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7ff13e75-4305-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2023207 reports: Incorrect boundary conditions in the...
FreeBSD : Mozilla -- Mitigation bypass (872a6e95-4305-11f1-a627-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 872a6e95-4305-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2023615 reports: Mitigation bypass in the Networking: Cooki...
FreeBSD : firefox -- Information disclosure (581838b8-4394-11f1-a190-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 581838b8-4394-11f1-a190-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2027433 reports: Information disclosure due to incorrect...
FreeBSD : Mozilla -- Privilege escalation in the Debugger component (177a7146-4307-11f1-a627-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 177a7146-4307-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2023753 reports: Privilege escalation in the Debugger...
Linux Distros Unpatched Vulnerability : CVE-2026-35234
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Partition. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable...
FreeBSD : Mozilla -- Information disclosure in the IP Protection component (62053c0f-430a-11f1-a627-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 62053c0f-430a-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2026571 reports: Information disclosure in the IP Protectio...
Linux Distros Unpatched Vulnerability : CVE-2026-35250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable...