
6423 matches found

Positive Technologies
added 2026/03/03 12:0 a.m. | 4 views

PT-2026-22997

Name of the Vulnerable Software and Affected Versions: Craft CMS versions prior to 5.8.22; Craft CMS versions prior to 4.16.18. Description: Craft is a content management system. A malicious payload can be crafted using the Twig map filter in text fields that accept Twig input within the Settings...

CVSS 8.6 | AI score 6.6 | EPSS 0.00514 | Exploits 0 | References 6
Tenable Nessus
added 2026/03/03 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005450)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005450 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: cpumap: Fix memory leak in cpu_map_update_elem. Syzkaller reported a memory leak as follows: BUG...

CVSS 5.5 | AI score 6.4 | EPSS 0.00136 | Exploits 0 | References 4
Broadcom
added 2026/03/03 12:0 a.m. | 17 views

Podman Vulnerable to Arbitrary File Write via Symbolic Link Traversal in 'play.go' File

Podman contains a symbolic link traversal vulnerability when the kube play command is used with a 'ConfigMap' or secret volume mount. A remote attacker could exploit this by creating a malicious symbolic link on the volume in order to overwrite the contents of arbitrary files, however the attacke...

CVSS 8.1 | AI score 6.1 | EPSS 0.01008 | Exploits 0
Snyk
added 2026/03/02 9:41 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the registeredStates map used during OAuth2 state handling. An attacker can cause the service to crash and become unavailable by sending multiple concurrent requests to the...

CVSS 8.2 | AI score 5.8 | EPSS 0.00394 | Exploits 1 | References 2
OSV
added 2026/03/02 9:41 p.m. | 3 views

GHSA-45M3-398W-M2M9 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling

Summary: An unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic ("fatal error: concurrent map writes") and process termination. This...

CVSS 7.5 | AI score 6.1 | EPSS 0.00394 | Exploits 1 | References 4
OSV
added 2026/03/02 3:16 p.m. | 4 views

CVE-2026-24114

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...

CVSS 9.8 | AI score 6 | EPSS 0.00624 | Exploits 1 | References 2
NVD
added 2026/03/02 3:16 p.m. | 4 views

CVE-2026-24114

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...

CVSS 9.8 | EPSS 0.00624 | Exploits 1 | References 2
Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-22598

Name of the Vulnerable Software and Affected Versions: Tenda W20E version 4.0br V15.11.0.6. Description: A flaw exists in Tenda W20E version 4.0br V15.11.0.6 related to improper input validation. Specifically, the pPortMapIndex variable is not adequately validated before being used in a strcpy...

CVSS 10 | AI score 6.1 | EPSS 0.00624 | Exploits 1 | References 9
CNNVD
added 2026/03/02 12:0 a.m. | 3 views

Tenda W20E Security Vulnerability

The Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E V4.0br_V15.11.0.6 version contains a security vulnerability. This vulnerability stems from the unvalidated pPortMapIndex parameter, which may lead to a buffer overflow...

CVSS 9.8 | AI score 6.2 | EPSS 0.00624 | Exploits 1 | References 3
Cvelist
added 2026/03/02 12:0 a.m. | 17 views

CVE-2026-24114

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...

EPSS 0.00624 | Exploits 1 | References 2
EUVD
added 2026/03/02 12:0 a.m. | 3 views

EUVD-2026-9186

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...

AI score 6.1 | EPSS 0.00624 | Exploits 1 | References 2
ATTACKERKB
added 2026/03/02 12:0 a.m. | 2 views

CVE-2026-24114

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...

CVSS 9.8 | AI score 6.1 | EPSS 0.00624 | Exploits 1 | References 3
CVE
added 2026/03/02 12:0 a.m. | 15 views

CVE-2026-24114

The CVE-2026-24114 entry refers to a vulnerability in Tenda W20E V4.0br_V15.11.0.6 where the pPortMapIndex parameter is not validated before a strcpy, which may cause a buffer overflow. The issue is documented across multiple feeds (NVD/Red Hat/CIRCL etc.) with impact described as potentially hig...

CVSS 9.8 | AI score 6.1 | EPSS 0.00624 | Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2026/03/02 12:0 a.m. | 4 views

CVE-2026-24114

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...

AI score 6.1 | EPSS 0.00624 | Exploits 1 | References 2
Tenable Nessus
added 2026/03/02 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005544)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005544 advisory. In the Linux kernel, the following vulnerability has been resolved: net: systemport: fix potential memory leak in bcm_sysport_xmit. The bcm_sysport_xmit returns NETDEV_TX_O...

CVSS 5.5 | AI score 6.7 | EPSS 0.00239 | Exploits 0 | References 3
Positive Technologies
added 2026/03/02 12:0 a.m. | 6 views

PT-2026-23499

Name of the Vulnerable Software and Affected Versions: OliveTin versions prior to 3000.10.3. Description: OliveTin is susceptible to a denial-of-service condition stemming from an unsynchronized access issue within its OAuth2 login flow. Concurrent requests to the /oauth/login API endpoint can trigg...

CVSS 9.9 | AI score 6.9 | EPSS 0.22162 | Exploits 68 | References 138
Tenable Nessus
added 2026/03/02 12:0 a.m. | 8 views

TencentOS Server 4: qemu (TSSA-2026:0097)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0097 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5 | AI score 7.1 | EPSS 0.00143 | Exploits 0 | References 2
RedhatCVE
added 2026/02/28 1:55 a.m. | 2 views

CVE-2026-20902

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...

CVSS 8.8 | AI score 6.6 | EPSS 0.01489 | Exploits 0 | References 1
EUVD
added 2026/02/28 12:31 a.m. | 6 views

EUVD-2026-9098

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitation. If an attacker can modify the...

CVSS 9.3 | AI score 6 | EPSS 0.05648 | Exploits 2 | References 8
Tenable Nessus
added 2026/02/28 12:0 a.m. | 9 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0617-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0617-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues. The following security issues were fixed: -...

CVSS 7.8 | AI score 7.3 | EPSS 0.06879 | Exploits 3 | References 1182