Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-011 (ALASNGINX1-2026-011)

The version of nginx installed on the remote host is prior to 1.28.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-011 advisory. When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause...

EUVD-2026-21798

Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-34855

Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei HarmonyOS WEB module, which can be exploited by an attacker to compromise confidentiality and...

CVE-2026-5621

A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...

EUVD-2026-19343

An authenticated stored cross-site scripting XSS vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

FeehiCMS 安全漏洞

FeehiCMS is a PHP-based CMS website building system developed by Liufee’s individual developers. The FeehiCMS v2.1.1 version contains a security vulnerability. This vulnerability stems from a storage-type XSS issue with the Name parameter of the category module, which may allow for the execution ...

CVE-2026-4747

CVE-2026-4747 is a FreeBSD vulnerability in the RPCSEC_GSS implementation (kgssapi.ko) where svc_rpc_gss_validate() copies attacker-controlled data into a 128-byte stack buffer without enforcing size, enabling a 304-byte overflow when credential bodies up to 400 bytes are supplied. This can lead ...

CVE-2026-29101

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service DoS vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...

Huawei HarmonyOS Device Security Management Module Competitive Conditions Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition vulnerability exists in the Huawei HarmonyOS device security management module, which can be exploited by an attacker to cause...

PT-2026-23419

Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability...

PT-2026-23427

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284.

Summary IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs...

GO-2026-4394 OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking in go.opentelemetry.io/otel/sdk

OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking in go.opentelemetry.io/otel/sdk...

ALPINE-CVE-2026-2474

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

CVE-2026-2474 Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

Huawei HarmonyOS HDC module buffer overflow vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability that stems from the HDC module failing to properly validate the length and size of input data,...

Huawei EMUI and Huawei HarmonyOS DFX Module Out-of-Bounds Write Vulnerability

Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei EMUI and Huawei HarmonyOS DFX module, which can be...

CVE-2026-24924

Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2020-37141

AMSS++ v4.31 contains a SQL injection in the mail module, specifically in maildetail.php via the id parameter. The vulnerability could allow an attacker to manipulate SQL queries and access/modify database contents. According to Red Hat and PT- Security entries, remediation centers on updating to...