CVE-2026-5444

A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation,...

SUSE-SU-2026:21079-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

RLSA-2026:6906 Important: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

nginx security update

An update is available for nginx. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other protocols, with a...

nginx:1.24 security update

An update is available for module.nginx, nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

RLSA-2026:6907 Important: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

Exploit for CVE-2026-4747

...

ALSA-2026:7343 Important: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

RockyLinux 10 : nginx (RLSA-2026:6906)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6906 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification vi...

Linux Distros Unpatched Vulnerability : CVE-2026-39864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of- bounds read in the auth module of Kamailio formerly...

Oracle Linux 9 : nginx (ELSA-2026-7002)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7002 advisory. - Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngxhttpdavmodule - Resolves:...

Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion...

CVE-2025-50228

CVE-2025-50228 affects Jizhicms v2.5.4 with a Server-Side Request Forgery (SSRF) vulnerability in the User Evaluation, Message, and Comment modules. The connected sources confirm the affected version and modules but do not provide root-cause details, exploitation status, or remediation steps. The...

CVE-2025-50228

Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...

GL.iNet GL-RM 授权问题漏洞

GL.iNet GL-RM is a series of embedded IoT remote management and communication modules developed by GL.iNet Corporation. There are authorization-related vulnerabilities in GL.iNet GL-RM. These vulnerabilities stem from issues with the Factory Reset Handler component, where improper authentication...

CVE-2025-50228

Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...

CVE-2025-50228

Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...

Important: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

CVE-2026-5812

CVE-2026-5812 – SourceCodester Pharmacy Product Management System 1.0 : A flaw in add-sales.php (POST Parameter Handler) allows manipulation of the txtqty parameter, triggering business-logic errors. Exploitation can be remote; exploit publicly released. No explicit patch/version details or vendo...

CVE-2026-40036 Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...