408 matches found
CVE-2026-5935
CVE-2026-5935 affects IBM Total Storage Service Console (TSSC) / TS4500 IMC versions 9.2–9.6. The IBM advisory documents an OS Command Injection vulnerability (CWE-78) due to improper validation of user input, allowing an unauthenticated user to execute arbitrary commands with normal user privile...
GHSA-VCHC-9GGH-3236 Duplicate Advisory: uutils coreutils has a Path Traversal issue
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-89p7-7cq3-hhr2. This link is maintained to preserve external references. Original Description A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect t...
CVE-2026-35363
A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the PolicyDataSubsToNotifyPost process. An attacker can create unintended notification subscriptions with invalid, empty, or partially processed input by sending malformed or...
CVE-2026-35363
The CVE-2026-35363 entry concerns the rm utility in uutils coreutils. The issue: path normalization bug allows bypass of safeguards for the current directory. It correctly refuses . and .. but fails to recognize equivalent paths with trailing slashes (e.g., ./ or .///). An accidental/malicious ex...
CVE-2026-35363
A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...
PT-2026-34499
Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the rm utility allows the bypass of safeguard mechanisms designed to protect the current directory. Although the utility prevents the deletion of . or .., it does not...
CVE-2026-40343 free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation
free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...
EUVD-2025-209536
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...
CVE-2025-13826 Incorrect input validation on the Zervit portable HTTP/Web server
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
Security update for libssh
This update for libssh fixes the following issues: CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler bsc1259377. CVE-2026-0964: SCP protocol path traversal in sshscppullrequest bsc1258049. CVE-2026-0965: possible denial of service when parsing unexpected...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
Libssh: buffer underflow in ssh_get_hexa() on invalid input
...
CVE-2026-0966
A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...
USN-8123-1 mbedtls vulnerabilities
It was discovered that Mbed TLS incorrectly handled memory allocation failures. A remote attacker could possibly use this issue to crash the program. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-44732 Jonathan Winzig discovered that Mbed TLS incorrectly handled crafted...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same...