PT-2026-48380

Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description When using aria2c as an external downloader for fragmented manifest formats like HLS or DASH streams, insufficiently sanitized input allows an attacker to perform arbitrary file writes. This occu...

VulnCheck KEV: CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

Exploit for CVE-2026-40175

audit-axios Scan local repos for vulnerable axios versions an...

EUVD-2026-11164

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access...

CVE-2026-30900

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access...

CVE-2026-30900

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access...

CVE-2026-30900

CVE-2026-30900 affects Zoom Clients for Windows. It describes an improper check of minimum version in the update functionality, enabling an authenticated user with local access to escalate privileges (local, required privileges: low; UI: none; scope: unchanged; impact: high on confidentiality, in...

PT-2026-24681

Name of the Vulnerable Software and Affected Versions Zoom Clients for Windows affected versions not specified Description An improper check of the minimum version in the update functionality of certain Zoom Clients for Windows could allow an authenticated user to escalate privileges through loca...

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Predictable WebSocket mask bsc1249348 Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 tooloperate: fix return code when --retry is used but not triggered...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to buffer overflow due to the zlib package (CVE-2023-45853)

Summary Zlib is used by DataStage on Cloud Pak for Data as part of buffer compression functionality. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename,...

SUSE CVE-2022-49804

In the Linux kernel, the following vulnerability has been resolved: s390: avoid using global register for currentstackpointer Commit 30de14b1884b "s390: currentstackpointer shouldn't be a function" made currentstackpointer a global register variable like on many other architectures. Unfortunately...

[SECURITY] Fedora 40 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc40

PHPCompatInfo will parse a file/folder/array to find out the minimum version and extensions required for it to run. CLI version has many reports extension, interface, class, function, constant to display and ability to show content of dictionary references...

[SECURITY] Fedora 39 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc39

PHPCompatInfo will parse a file/folder/array to find out the minimum version and extensions required for it to run. CLI version has many reports extension, interface, class, function, constant to display and ability to show content of dictionary references...

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>) a different solution is required such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23 3.6.13 3.7.9 3.8.4 or 3.9.

...

`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access

Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...

AZL-32296 CVE-2023-51764 affecting package postfix for versions less than 3.7.0-3

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

XStream: SSRF via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4) +632 more potentially affected by CVE-2016-4434 via org.apache.tika:tika-core (>=0.4 <=1.12)

org.apache.tika:tika-core MAVEN version =0.4, =4.2.0, =5.6.100, =2.0.6, =1.0.10, =1.0.12, =1.0.8, =0.6, =1.0.8, =1.0.12 and more Source cves: CVE-2016-4434 Source advisory: OSV:GHSA-4XR4-4C65-HJ7F...

logstash-forwarder and logstash -- susceptibility to POODLE vulnerability

Elastic reports: The combination of Logstash Forwarder and Lumberjack input and output was vulnerable to the POODLE attack in SSLv3 protocol. We have disabled SSLv3 for this combination and set the minimum version to be TLSv1.0. We have added this vulnerability to our CVE page and are working on...