Medium: clamav1.4

Issue Overview: A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...

GHSA-XQV4-XM7H-52CV Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items

Summary The Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for itemdelete, itemretire, itemreinstate, itempictureupload, itempicturesav...

Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items

Summary The Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for itemdelete, itemretire, itemreinstate, itempictureupload, itempicturesav...

CLSA-2026-1777481470 glibc: Fix of CVE-2021-3326

CVE-2021-3326: fix assertion failure in iconv ISO-2022-JP-3 module...

EUVD-2026-26237

Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example afterparse, beforeprint, or...

Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-4de4d247a0)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-4de4d247a0 advisory. nginx-mod-brotli: - Rebuild for 1.28.3 nginx-mod-fancyindex: - Rebuild for 1.28.3 nginx-mod-naxsi: - Rebuild for 1.28.3 nginx-mod-headers-more: -...

EyouCMS 注入漏洞

EyouCMS is an open-source content management system CMS developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.9 and earlier have a vulnerability related to injection attacks. This vulnerability arises from improper handling of the editFile function in the file...

Filesystem MCP Server 路径遍历漏洞

The Filesystem MCP Server is a context-based protocol developed by Manan Sharma, which provides comprehensive access and manipulation of the file system. Version 1.0.0 of the Filesystem MCP Server contains a path traversal vulnerability. This vulnerability stems from improper handling of the...

PT-2026-37144

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description A logic error in the two-factor authentication 2FA reset process inverts the authorization check. This allows non-admin users to remove the Time-based One-Time Password TOTP configuration of other...

Linux Distros Unpatched Vulnerability : CVE-2026-31687

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gpio: omap: do not register driver in probe Commit 11a78b794496 ARM: OMAP: MPUIO wake updates registers the omapmpuiodriver from omapmpuioinit, which is called...

Linux Distros Unpatched Vulnerability : CVE-2026-31573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to initconst misuse Fix a kernel panic when probing...

ROS-20260429-73-0042

A vulnerability in the ngxstreamsslmodule module of the NGINX Plus and NGINX Open Source HTTP server is related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote intruder to bypass security restrictions and gain unauthorized access to protected...

PT-2026-37147

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description Several administrative operations within the preferences module are executed via GET requests without CSRF token validation. This allows an attacker to force an authenticated administrator to trigger...

PrestaShop Version Hunter

psversionhunter.py fingerprints a PrestaShop installation by comparing the versions of its native modules against the module versions bundled with a known PrestaShop release tag. This is useful when a target does not expose the PrestaShop core version directly but still exposes native module...

CVE-2026-7040

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minify...

CLSA-2026-1777396606 nginx: Fix of CVE-2026-27654

CVE-2026-27654: fix heap buffer overflow in ngxhttpdavmodule COPY/MOVE with alias...

MINI-PWR9-8W5F-H2MG

Bulletin has no description...

CLSA-2026-1777366733 python3: Fix of CVE-2026-1299

CVE-2026-1299: reject newline injection in email module's BytesGenerator when serializing headers - Skip test.testxmletree.XMLPullParserTest.testsimplexml during RPM build; unrelated expat-2.1.0-15.0.7.tuxcare.els1 regression breaks XMLPullParser chunked-feed semantics in TuxCare ELS el7 build...

MINI-CVM8-V5R3-C6X6

Bulletin has no description...

RLSA-2026:10745 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...