CVE-2026-24515
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. This vulnerability (CVE-2026-24515) is reflected across multiple advisories/plugins; remediation is to update expat to version 2.7.4 or newer, where the issue is fixed.
CVE-2026-24515
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data...
ToDesktop Builder security vulnerabilities
ToDesktop Builder is a desktop application building tool developed by ToDesktop Company in Ireland. Version 0.33.0 of ToDesktop Builder contains a security vulnerability. This vulnerability stems from improper permissions granted to the custom URL scheme handler, which may allow attackers to invo...
PT-2026-4497
Name of the Vulnerable Software and Affected Versions: ToDesktop Builder version 0.33.0. Description: A flaw exists in the Custom URL Scheme handler within ToDesktop Builder. Insufficient validation when invoking external protocol handlers from the renderer context allows attackers with...
CVE-2026-1327
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...
CVE-2026-1326
A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...
CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...
CVE-2026-1324
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...
HTTP Request Smuggling
io.vertx:vertx-core is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of / in the output buffer by the removeDots function in Static Handler, which allows an attacker to prevent access to static files by sending specifically crafted request URIs that exploit...
SUSE CVE-2025-15282
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27028)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27028 advisory. - In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL pointe...
PT-2026-3932
Name of the Vulnerable Software and Affected Versions: Sangfor Operation and Maintenance Management System versions up to 3.0.12. Description: A flaw exists in Sangfor Operation and Maintenance Management System. This issue is related to the SessionController function within the SSH Protocol Handler...
Azure Linux 3.0 Security Update: kernel (CVE-2025-23147)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23147 advisory. - In the Linux kernel, the following vulnerability has been resolved: i3c: Add NULL pointer check in...
Azure Linux 3.0 Security Update: keepalived (CVE-2024-41184)
The version of keepalived installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41184 advisory. - In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can...