CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...
rpm OS Command Injection Vulnerability
rpm is a powerful command-line-driven package management tool from the rpm organization. It is used for installing, uninstalling, verifying, querying, and updating software packages on Linux systems. rpm has a vulnerability related to operating system command injection. This vulnerability arises...
CVE-2026-43936
Summary: CVE-2026-43936 affects the e107 content management system (CMS). Before version 2.3.4, an SSRF flaw in the remote file fetcher can be triggered via the Image/File URL field in Media Manager’s From a remote location, allowing access to local environment resources. The issue is fixed in 2....
Ivanti Virtual Traffic Manager (vTM) < 22.9R4 OS Command Injection (CVE-2026-8051)
The version of Ivanti Virtual Traffic Manager vTM running on the remote host is prior to 22.9R4. It is, therefore, affected by an OS command injection vulnerability: - OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin...
Cisco Catalyst SD-WAN Manager (Cisco SD-WAN vManage) Security Vulnerability
Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager. This vulnerability stems from the...
Exploit for CVE-2026-41200
CVE-2026-41200 — STIG Manager OIDC Reflected XSS PoC Conceptu...
Oracle Identity Manager (April 2026 CPU)
The 14.1.2.1.0 version of Identity Manager installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory: - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Identity Console. Easily exploitable...
SUSE-SU-2026:21203-1 Security update for strongswan
This update for strongswan fixes the following issues: Update to strongswan 6.0.4: - CVE-2025-9615: NetworkManager File Access bsc1257359. - CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP bsc1259472. Changes for strongswan: - Fixed a vulnerability in the NetworkManager plugin that...
Multiple Yubico Products Security Vulnerability
Libfido2 and others are products open-sourced by Yubico. Libfido2 is a FIDO device communication library. Python-Fido2 is a library for implementing FIDO2 protocol clients and servers. YubiKey-Manager is a configuration management tool for YubiKeys. Several Yubico products have security...
CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
EUVD-2026-20355
Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Manager: from n/a through = 3.3.52...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
EUVD-2026-12265
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...
PT-2026-23261
Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DesignThemes Booking Manager: from n/a through = 2.0...
WSO2 API Manager and WSO2 Identity Server (IS) Security Vulnerability
WSO2 API Manager and WSO2 Identity Server are both products of the American company WSO2. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 Identity Server is an identity authentication server. Both WSO2 API Manager and WSO2 Identity Server have security vulnerabilities. These...
Microsoft Windows Remote Access Connection Manager Security Vulnerability
Microsoft Windows Remote Access Connection Manager is a Windows service provided by Microsoft that manages VPN connections from your computer to the Internet. If this service is disabled, VPN client applications will not be able to start. There are security vulnerabilities in Microsoft Windows...
AZL-76868 CVE-2025-47911 affecting package cert-manager 1.12.15-4
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
MiracleLinux 4 : rpm-4.8.0-59.0.2.AXS4 (AXSA:2021-2775:09)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2775:09 advisory. rpm: Signature checks bypass via corrupted rpm package CVE-2021-20271 Tenable has extracted the preceding description block directly from the MiracleLinux...
Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10673)
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
CVE-2022-50906
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads...