Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

This module enables you to obfuscate email addresses in content. The module doesn't sufficiently sanitize user input via the Twig filter. This vulnerability is mitigated by the fact that it only affects sites using the ROT13 encoding and where an attacker can enter content that is filtered using...

📄 Dovecot doveadm Timing Attack / Credential Extraction

This Metasploit auxiliary module performs a timing-based side-channel attack against the Dovecot doveadm HTTP interface to extract credentials character by character. ==================================================================================================================================...

Oracle Linux 8 : kernel (ELSA-2026-9131)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-9131 advisory. - dlm: prevent NPD when writing a positive value to eventdone Alexander Aring RHEL-136236 CVE-2025-23131 - scsi: qla2xxx: Fix improper freeing of purex...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013593 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: tpmtis: Add the missed acpiputtable to fix memory leak In checkacpitpm2, we get the TPM2 tab...

openSUSE 16 Security Update : clamav (openSUSE-SU-2026:20479-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20479-1 advisory. Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial...

kernel security update

6.12.0-124.52.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013427)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013427 advisory. A use-after-free flaw was found in the Linux kernel in logreplay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013808)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013808 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stac...

RHEL 9 : kernel (RHSA-2026:9644)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9644 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel:A use-after-free ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013595)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013595 advisory. In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefspreparedebugfshelpstring When insert and remove the orangefs...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incorrect descriptor completion in the llistabortdesc function of the dmaengine module. This...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013828)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013828 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/meson: explicitly remove aggregate driver at module unload time Because componentmasterdel...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the commentable field in the API, which allows access to all commentable resources without permission checks. An attacker can retrieve sensitive information by sending unauthenticated requests to the /api...

CVE-2026-25525

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

CVE-2026-41193

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP...

EUVD-2026-24223

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP...

CVE-2026-41193 FreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leading to RCE

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP...

CVE-2026-41193

CVE-2026-41193 — FreeScout Zip Slip path traversal . Affected: FreeScout prior to v1.8.215.Issue: The module installation feature extracts ZIP archives without validating file paths, enabling an authenticated admin to write arbitrary files on the server filesystem via a crafted ZIP.Impact (as sta...

CVE-2026-41193 FreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leading to RCE

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP...

DEBIAN-CVE-2017-20230

Storable versions before 3.05 for Perl has a stack overflow. The retrievehook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow...