
3660 matches found

Cvelist
added 2026/01/17 9:2 p.m., 24 views

CVE-2026-1066 kalcaddle kodbox Compression zip command injection

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...

6.5 CVSS, 0.0504 EPSS
Exploits: 0, References: 4

EUVD
added 2026/01/17 9:2 p.m., 5 views

EUVD-2026-3128

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...

6.5 CVSS, 6.4 AI score, 0.0504 EPSS
Exploits: 0, References: 5

CVE
added 2026/01/17 9:2 p.m., 17 views

CVE-2026-1066

The CVE-2026-1066 entry describes a command-injection vulnerability in kalcaddle kodbox (up to version 1.61.10) related to the Compression Handler when processing the file /?explorer/index/zip. The issue can be exploited remotely; the exploit is public. Details on vulnerable component, root cause...

8.8 CVSS, 6.5 AI score, 0.0504 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/01/17 3:29 p.m., 8 views

CLSA-2026-1768663754 kernel: Fix of 38 CVEs

ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audio_format_uac3 CVE-2025-38249 - drm/i915/gt: Fix timeline left held on VMA alloc error CVE-2025-38389 - md/raid1: Fix stack memory use after return in raid1_reshape CVE-2025-38445 - atm: clip: Fix infinite recursive call of clip_push...

7.8 CVSS, 7 AI score, 0.00294 EPSS
Exploits: 2, References: 1

Positive Technologies
added 2026/01/17 12:0 a.m., 4 views

PT-2026-3372

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...

6.5 CVSS, 6.9 AI score, 0.0504 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/01/17 12:0 a.m., 3 views

Kodbox command injection vulnerability

Kodbox is a network file manager developed by Warlee’s individual developer. Versions of Kodbox 1.61.10 and earlier had a command injection vulnerability. This vulnerability stemmed from incorrect operations on the component Compression Handler located at the file /?explorer/index/zip. Such...

8.8 CVSS, 6.6 AI score, 0.0504 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2026/01/16 6:4 a.m., 5 views

CVE-2026-22036

A flaw was found in Undici, an HTTP/1.1 client for Node.js. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP response with an unbounded number of links in the decompression chain. This could lead to high CPU usage and excessive memory allocation, resulting in...

7.5 CVSS, 5.2 AI score, 0.00433 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

MiracleLinux 4 : lzo-2.03-3.1.AXS4.1 (AXSA:2014-445:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-445:02 advisory. LZO is a portable lossless data compression library written in ANSI C. It offers pretty fast compression and very fast decompression. Decompression requires n...

8.8 CVSS, 6.7 AI score, 0.05315 EPSS
Exploits: 1, References: 2

IBM Security Bulletins
added 2026/01/15 7:48 p.m., 14 views

Security Bulletin: IBM WebSphere Automation is affected by MongoDB security vulnerability

Summary: IBM WebSphere Automation is affected by a MongoDB security vulnerability CVE-2025-14847. Vulnerability Details: CVEID: CVE-2025-14847. DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This...

8.7 CVSS, 7 AI score, 0.83007 EPSS
Exploits: 39, Affected Software: 1

Microsoft CVE
added 2026/01/15 9:4 a.m., 3 views

f2fs: fix to avoid updating compression context during writeback

...

5 CVSS, 5.4 AI score, 0.00168 EPSS
Exploits: 0

RedhatCVE
added 2026/01/15 6:22 a.m., 12 views

CVE-2025-14482

The Crush.pics Image Optimizer - Image Compression and Optimization plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 1.8.7. This makes it possible for authenticated attackers, with...

4.3 CVSS, 5.5 AI score, 0.00256 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/15 12:0 a.m., 8 views

CVE-2025-68772

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating compression context during writeback Bai, Shuangpeng reported a bug as below: Oops: divide error: 0000 1 SMP KASAN PTI CPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 1 PREEMPTfull Hardware...

5.7 AI score, 0.00168 EPSS
Exploits: 0, References: 4

Snyk
added 2026/01/14 4:51 p.m., 2 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free via the loadRLE function in PluginTARGA.cpp. An attacker can cause a crash or unintended behavior by providing a specially crafted TGA image with RLE compression enabled. Remediation: There is no fixed version for freeimag...

9.8 CVSS, 5.4 AI score, 0.00451 EPSS
Exploits: 1, References: 2

NVD
added 2026/01/14 6:15 a.m., 21 views

CVE-2025-14482

The Crush.pics Image Optimizer - Image Compression and Optimization plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 1.8.7. This makes it possible for authenticated attackers, with...

4.3 CVSS, 0.00256 EPSS
Exploits: 0, References: 4

Cvelist
added 2026/01/14 5:28 a.m., 27 views

CVE-2025-14482 Crush.pics Image Optimizer <= 1.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Crush.pics Image Optimizer - Image Compression and Optimization plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 1.8.7. This makes it possible for authenticated attackers, with...

4.3 CVSS, 0.00256 EPSS
Exploits: 0, References: 4

SUSE CVE
added 2026/01/14 12:26 a.m., 1 views

SUSE CVE-2025-68772

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating compression context during writeback Bai, Shuangpeng reported a bug as below: Oops: divide error: 0000 1 SMP KASAN PTI CPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 1 PREEMPTfull Hardware...

6.3 AI score, 0.00168 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/14 12:0 a.m., 5 views

MiracleLinux 3 : httpd-2.2.3-22.2.1AXS3 (AXSA:2009-77:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-77:02 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Fixed bugs: CVE-2009-1890 The stream_reqbody_cl function in mod_proxy_http.c i...

7.1 CVSS, 7.6 AI score, 0.17111 EPSS
Exploits: 4, References: 3

Tenable Nessus
added 2026/01/14 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-59465

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of...

7.5 CVSS, 7.2 AI score, 0.00929 EPSS
Exploits: 0, References: 2

Elastic
added 2026/01/13 8:55 p.m., 14 views

Elasticsearch 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-07)

Elasticsearch yawkat LZ4 Java - CVE-2025-66566 ESA-2026-07 An Information Disclosure vulnerability CVE-2025-66566 exists in the yawkat LZ4 Java library used by Elasticsearch that allows an attacker to read previous buffer contents through specially crafted compressed input sent via the transport...

8.2 CVSS, 6.9 AI score, 0.00541 EPSS
Exploits: 0

Snyk
added 2026/01/13 4:41 p.m., 2 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception due to the unhandled TLSSocket error ECONNRESET. An attacker can cause an application crash by passing a malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data. Note: This issue primarily affects applications...

8.7 CVSS, 6.7 AI score, 0.00929 EPSS
Exploits: 0, References: 2