96 matches found
PT-2026-40979
Summary: A vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances exposed to the public internet. Impact: Fleet extracted client IP...
CVE-2026-20131
CVE-2026-20131 affects Cisco Secure Firewall Management Center (FMC) Software via the web-based management interface. The root cause is insecure deserialization of untrusted Java byte streams, enabling an unauthenticated, remote attacker to execute arbitrary Java code as root. Affected artifacts ...
CVE-2026-23892
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using a character-based comparison that short-circuits on the firs...
The Age of the All-Access AI Agent Is Here
Big AI companies courted controversy by scraping wide swaths of the public internet. With the rise of AI agents, the next data grab is far more private...
mDNS Service Public WAN (Internet) Accessible
The script checks whether the target host is exposing a service supporting the Multicast DNS (mDNS) protocol to the public WAN (Internet). SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
EUVD-2023-38714
Malicious code in bioql PyPI...
EUVD-2025-30331
Malicious code in bioql PyPI...
EUVD-2023-38713
Malicious code in bioql PyPI...
CVE-2025-59344
AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request forgery (SSRF) vulnerability exists in the favicon extraction feature of AliasVault API versions 0.23.0 and lower. The extractor fetches a user-supplied URL, parses the returned HTML, and follows...
CVE-2025-59344 AliasVault Vulnerable to Server-Side Request Forgery via Favicon Extraction
AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request forgery (SSRF) vulnerability exists in the favicon extraction feature of AliasVault API versions 0.23.0 and lower. The extractor fetches a user-supplied URL, parses the returned HTML, and follows...
CVE-2025-58180
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename...
FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet. FreePBX is an open-source private branch exchange (PBX) platform widely used by...
CVE-2024-40750
Linksys Velop Pro 6E 1.0.8 MX62001.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...
CVE-2023-34673
Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases...
CVE-2021-21402
Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well-crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public...
SUSE CVE-2024-47871
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...
Slackware Linux 15.0 / current cups-filters Vulnerability (SSA:2024-275-01)
The version of cups-filters installed on the remote host is prior to 1.28.17 / 2.0.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-275-01 advisory. - CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality...
Improper Source Verification
cups-filters is vulnerable to Improper Source Verification. cups-browsed binds to INADDR_ANY:631, causing it to trust any packet from any source, and can cause the Get-Printer-Attributes IPP request to go to an attacker-controlled URL. Due to the service binding to INADDR_ANY:631, multiple bugs in...
CVE-2024-47176
CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDR_ANY:631, causing it to trust any packet from any source, and can cause t...