Exploit for Missing Authentication for Critical Function in Cpanel

cPanel-CVE-2026-41940-Scanner !Licensehttps://img.shields...

PT-2026-36541

Name of the Vulnerable Software and Affected Versions bandit versions prior to 1.11.0 Description Inconsistent interpretation of HTTP requests allows HTTP request smuggling via duplicate Content-Length headers. The function get content length in Elixir.Bandit.Headers uses List.keyfind/3, which on...

EUVD-2026-26416

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...

Sensitive Information Disclosure

Apache Kafka is vulnerable to Sensitive Information Disclosure. The vulnerability is due to logging of sensitive request and response data at DEBUG level in the NetworkClient component, which allows an attacker with log access to obtain sensitive information...

exploit-tool

Exploit-Tool Single-console pentest platform built on authori...

Absolute Secure Access 信息泄露漏洞

Absolute Secure Access is an application developed by Absolute Corporation. It provides secure service edge SSE services optimized for mixed and mobile work environments. Versions of Absolute Secure Access prior to 14.50 contained a vulnerability related to information leakage, caused by a format...

Apple Security Advisory 04-22-2026-1

Apple Security Advisory 04-22-2026-1 - iOS 26.4.2 and iPadOS 26.4.2 address a logging issue with improved data redaction...

Apple Security Advisory 04-22-2026-2

Apple Security Advisory 04-22-2026-2 - iOS 18.7.8 and iPadOS 18.7.8 address a logging issue with improved data redaction...

PT-2026-36170

Name of the Vulnerable Software and Affected Versions Secure Access client for MacOS versions prior to 14.50 Description A format string issue exists in the logging subsystem. Attackers controlling a modified server can force the client to dump small portions of memory into log files, which may...

CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.2.10

Logging for Red Hat OpenShift - 6.2.10 Red Hat OpenShift Logging 6.2.10 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

CVE-2026-42167

modsql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

EUVD-2026-26157

modsql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

RockyLinux 8 : python3.12 (RLSA-2026:10950)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10950 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

ALSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...