70 matches found
CVE-2026-42186
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
Request Tracker Security Vulnerability
Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions prior to Request Tracker 5.0.10, as well as versions 6.0.0 to 6.0.2, contained security vulnerabilities. These vulnerabilities stemmed from the fact that data controlled by users during spreadsheet...
CVE-2026-43888 Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...
ROS-20260506-73-0042
Vulnerability in flannel due to failure to clean data at the management level. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: igc: Fixed a page fault in handling XDP TX timestamps. If an XDP application that requested TX timestamping shuts down while the link of the interface in use is still active, the following kernel errors are reported: 883.80361...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: i3c: master: mipi-i3c-hci: Fixed a kernel panic when accessing DAT_data. The i3c_master_bus_init function may attach the I2C devices before the I3C bus initialization. In this case, the DAT alloc_entry will be used before the DAT init...
EUVD-2019-18120
Malware in sbrugna...
DEBIAN-CVE-2025-38691
In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout. The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit reallocates a larger buffer to retry encoding extents, the "layoutupdate_pages" page arr...
FreePBX Security Vulnerability
FreePBX, formerly known as Asterisk Management Portal, is a suite of tools from the FreePBX project for configuring Asterisk, an IP telephony system, via a web-based graphical interface (GUI). A security vulnerability exists in FreePBX version 15.0.66 and versions prior to 17.0.3, which stems from...
The vulnerability of the IBM Storage Scale cluster file system, related to the lack of data cleaning measures at the management level, allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability of the IBM Storage Scale cluster file system is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary commands remotely...
The vulnerability of the web manager for managing files and directories in File Browser, related to the lack of measures taken at the management level to clean up data, allows a perpetrator to execute arbitrary commands.
The vulnerability of the web manager responsible for managing files and directories in File Browser is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
ROS-20250703-03
A vulnerability in the pgAdmin 4 database management tool is related to improper cleanup of data provided by the user. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
The vulnerability of the doExecute method in the HPE StoreOnce VSA storage virtualized system allows an attacker to execute arbitrary code.
The vulnerability of the doExecute method in the HPE StoreOnce VSA virtual storage system is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability may allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the setNoticeCfg() function in the TOTOLink A950RG router’s firmware allows an intruder to execute arbitrary commands and gain full control over the device.
The vulnerability of the setNoticeCfg function in the TOTOLink A950RG router’s firmware lies in the lack of measures taken to clean up data at the control level when processing the IpTo parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of the tar.vim plugin for the Vim text editor allows a hacker to execute arbitrary code.
The vulnerability of the tar.vim plugin for the Vim text editor is related to the lack of measures taken at the control level to clean up data. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially created tar files...
CVE-2019-8730
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes...
The vulnerability of the sub_454F2C function in D-Link DIR-605L router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the sub_454F2C function in D-Link DIR-605L router firmware is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Harbor Registry module of the Git-based software platform for collaborative code development on GitLab allows a hacker to execute arbitrary code.
The vulnerability of the Harbor Registry module of the Git-based software platform for collaborative code development on GitLab is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows an attacker to execute arbitrary code...