RHSA-2026:7381 Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
Bulletin has no description...
EUVD-2026-21653
NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2026-5054
NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2026-5054 NoMachine External Control of File Path Local Privilege Escalation Vulnerability
NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2026-5054
CVE-2026-5054 – NoMachine Local Privilege Escalation. The issue is in NoMachine’s handling of command line parameters, where user-supplied paths are not properly validated before file operations. This can allow a local attacker who can execute low-privilege code to escalate to root and run arbit...
CVE-2026-5054 NoMachine External Control of File Path Local Privilege Escalation Vulnerability
NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
NoMachine Security Vulnerability
NoMachine is a remote desktop access tool developed by NoMachine Company in Luxembourg. NoMachine has a security vulnerability, which stems from improper handling of command-line parameters, potentially leading to an increase in local privileges...
CVE-2026-39983
A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnerability by injecting Carriage Return Line Feed (CRLF) sequences into file path parameters used by high-level APIs. This allows the attacker to split a single intended FTP command into multiple command...
@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.12), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.12) potentially affected by CVE-2026-40163 via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-beta.3)
@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.12 Source cves: CVE-2026-40163 Source advisory: SNYK:JS-SALTCORNSERVER-15990855...
CVE-2025-50667
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the iface parameter in the /wanlinedetection.asp endpoint...
EUVD-2026-21519
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...
UBUNTU-CVE-2026-1502
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...
CVE-2026-1502
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...
CVE-2026-1502
The CVE-2026-1502 entry concerns CR/LF bytes not being rejected by HTTP client proxy tunnel headers or host, as described in both the CVE record and the CVE-List entry. The connected documents indicate this is related to HTTP client proxy tunnel header validation, without providing specific affec...
CVE-2026-1502
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...
PSF-2026-15
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...
CVE-2026-1502
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...
CVE-2026-35601
CVE-2026-35601 affects Vikunja prior to 2.3.0 where the CalDAV output generator concatenates iCalendar VTODO fields without RFC 5545 escaping. User-controlled task titles containing CRLF can break the SUMMARY boundary, enabling injection of arbitrary iCalendar properties such as ATTACH, VALARM, o...
CVE-2026-35659 OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery
OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious...