MiracleLinux 9 : qemu-kvm-8.2.0-11.el9 (AXSA:2024-7897:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7897:02 advisory. QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest (CVE-2023-3019); QEMU: VNC: infinite loop in inflate_buffer leads to denial of service...
PT-2026-3649
Name of the Vulnerable Software and Affected Versions: External Secrets Operator versions 0.20.2 through 1.2.0. Description: The External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to...
CVE-2026-1111
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2026-1136
The CVE-2026-1136 entry concerns a cross-site scripting (XSS) vulnerability in the lcg0124 BootDo product, specifically in the ContentController Save function (file path: /blog/bContent/save). The issue arises from manipulating the content/author/title argument, enabling XSS and enabling remote e...
Synology DiskStation Manager Out-of-bounds Write (CVE-2024-45539)
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This plugin only works with...
ROS-20260119-7329
A vulnerability in the ufs_bsg_remove function of the drivers/ufs/core/ufs_bsg.c module of the Linux kernel's UFS (Universal Flash Storage) host controller support is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the confidentialit...
MiracleLinux 7 : microcode_ctl-2.1-73.16.el7 (AXEA:2023-6332:07)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXEA:2023-6332:07 advisory. - Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged...
CVE-2026-1111 Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2026-1106 Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization
A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...
PT-2026-3381
Name of the Vulnerable Software and Affected Versions: Sanluan PublicCMS versions up to 5.202506.d. Description: A flaw exists in Sanluan PublicCMS that allows for improper authorization. This issue is related to the delete function within the file...
CVE-2026-1063
The vulnerability CVE-2026-1063 affects Bastillion (Bastillion up to 4.0.1) in the Public Key Management System. The issue involves manipulation in src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java that enables command injection. Attack is described as executable remotely and publicly ...
EUVD-2026-3130
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
CVE-2026-1061 xiweicheng TMS FileController.java upload unrestricted upload
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...
CVE-2026-1061
CVE-2026-1061 affects xiweicheng TMS prior to 2.28.0. The vulnerability is in the Upload function of FileController.java (src/main/java/com/lhjz/portal/controller/FileController.java), where manipulation of the filename argument enables unrestricted file upload. Remote exploitation is possible, a...
ai_bouncer
AiBouncer AI-powered HTTP request classification for Ruby on...
CVE-2025-12007
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image...
Bastillion command injection vulnerability
Bastillion is an open-source key management tool developed by bastillion-io. Versions of Bastillion 4.0.1 and earlier contained a command injection vulnerability. This vulnerability stemmed from incorrect operations on the Public Key Management System component in the file...
PT-2026-3368
Name of the Vulnerable Software and Affected Versions: xiweicheng TMS versions prior to 2.28.0. Description: An issue exists in xiweicheng TMS that allows for unrestricted file uploads. This is due to the manipulation of the filename argument within the Upload function located in the file...
OESA-2026-1077 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info. During mpt3sas_transport_port_remove, messages were logged with dev_printk against...