Access Control Bypass

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Access Control Bypass due to a PHP operator precedence issue in the CLI access guard of the install/deleteSystemdPrivate.php script. An attacker can cause deletion...

CVE-2026-34514 AIOHTTP: CRLF injection in multipart part content type header construction

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

AlmaLinux 9 : python3.11 (ALSA-2026:6286)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6286 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly from...

AlmaLinux 8 : python3.12 (ALSA-2026:6283)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6283 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly from...

PT-2026-29666

Name of the Vulnerable Software and Affected Versions Ewe versions prior to 3.0.6 Description The encode headers function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF r sequences. This allows an...

AlmaLinux 9 : python3.12 (ALSA-2026:6285)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6285 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly from...

Credential Exposure

Overview openssl-encrypt is an A package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on users provided password to ensure secure encryption of files Affected versions of this...

CVE-2026-34539

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow HBO in CTiffImg::WriteLine. The issue is observable under AddressSanitizer as an out-of-bounds heap read...

CVE-2026-34539 iccDEV: HBO in CTiffImg::WriteLine()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow HBO in CTiffImg::WriteLine. The issue is observable under AddressSanitizer as an out-of-bounds heap read...

CVE-2026-34539

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow HBO in CTiffImg::WriteLine. The issue is observable under AddressSanitizer as an out-of-bounds heap read...

CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

K000160552: OpenSSL vulnerability CVE-2025-68160

Security Advisory Description Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typicall...

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

Permissive Cross-domain Policy with Untrusted Domains

Overview Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the CLI MCP server. An attacker can gain unauthorized access to privileged tools by issuing cross-origin requests from a malicious website on the same machine, leveraging the...

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVE-2026-24154

NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information...