Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection

Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information...

WordPress Metform <=2.1.3 - Information Disclosure

WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the /core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017767)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017767 advisory. Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. I...

Linux Distros Unpatched Vulnerability : CVE-2026-4893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet...

GHSA-3F29-PQWF-V4J4 Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass

Summary Information disclosure exists in Grav CMS v1.8.0-beta.29. Despite previous security patches notably in v1.8.0-beta.27/28 aimed at restricting sensitive object access within the Twig environment, the Accounts Service remains exposed. A low-privileged user EX: Content Editor with only...

Astra Linux - уязвимость в apache2

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

Oracle Linux 10 : openssh (ELSA-2026-6463)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6463 advisory. 9.9p1-13.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37824421 9.9p1-13 - CVE-2026-3497: Fix information disclosure or denial of service due to...

CVE-2026-34763 Rack: Rack::Directory info disclosure and DoS via unescaped regex interpolation

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service

A flaw was found in the ALSA USB audio driver of the Linux kernel. This vulnerability, a buffer overflow, occurs when the size of the Pulse-Code Modulation PCM stream data packets exceeds the maximum allowed by the USB descriptor. A local attacker could exploit this by providing specially crafted...

RLSA-2026:2470 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...

PT-2026-6208

Name of the Vulnerable Software and Affected Versions RustFS versions alpha.13 through alpha.81 Description RustFS logs sensitive credential material, including access key, secret key, and session token, to application logs at the INFO level. This results in credentials being recorded in plaintex...

MiracleLinux 4 : freetype-2.3.11-19.AXS4 (AXSA:2019-4408:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4408:01 advisory. freetype: a heap-based buffer over-read in T1GetPrivateDict in type1/t1parse.c leading to information disclosure CVE-2015-9381 freetype: mishandling...

CVE-2025-14528

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZEDGROUP results in information disclosure. The attack may be performed from remote. The exploit is no...

Exploit for Path Traversal in Oracle Configurator

🚨 CVE-2025-61884 — High-Risk Oracle EBS Configurator Info Disc...

Fortinet FortiADC 信息泄露漏洞

FortiADC is an application delivery controller from Fortinet designed to optimize application performance, provide load balancing and enhance security. FortiADC suffers from a security vulnerability that stems from the program's failure to provide adequate access control for sensitive data access...

Directory Traversal

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Directory Traversal via the WriteFile and ReadFile tools. An attacker can gain full control over the server, including executing arbitrary commands, by supplying crafted file paths that allow...

Linux Distros Unpatched Vulnerability : CVE-2016-2499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not...

CVE-2025-26424

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Updated to version 2.48.5: - CVE-2025-31273: Fixed a vulnerability where processing maliciously crafted web content could lead to memory corruption. bsc1247564 - CVE-2025-31278: Fixed a vulnerability where processing maliciously crafted web...