PT-2026-3084

A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002015)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002015 advisory. Race condition in the athtxaggrsleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002922)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002922 advisory. The ip6greerr function in net/ipv6/ip6gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet,...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001806)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001806 advisory. Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service slab corruption and system crash by...

CVE-2025-14242

A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence. Mitigation Mitigation for this issue is either not...

MiracleLinux 4 : libtasn1-2.3-3.AXS4.1 (AXSA:2012-480:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-480:01 advisory. This is the ASN.1 library used in GNUTLS. More up to date information can be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org Security...

PT-2026-5227

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A security flaw exists in D-Link DIR-823X version 250416. The issue is related to the sub 41E2A0 function within the /goform/set mode file. Manipulation of the lan gateway argument can lead to operati...

ROS-20260114-7315

A vulnerability in the hugetlb component of the trygetfolio function of the Linux kernel is related to errors in updating the reference count. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.9-2.3.3.AXS4.1 (AXSA:2012-967:03)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-967:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2012-3216 Unspecified vulnerability in the Java Runtime Environment JRE...

MiracleLinux 4 : libproxy-0.3.0-3.AXS4 (AXSA:2012-1035:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-1035:01 advisory. libproxy offers the following features: extremely small core footprint 35K no external dependencies within libproxy core libproxy plugins may have dependenci...

CVE-2025-15493

A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit h...

CVE-2025-15494

A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

CVE-2026-0803

A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The...

CVE-2026-0840

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploi...

CVE-2022-50925

CVE-2022-50925 concerns Prowise Reflect 1.0.9 with a remote keystroke injection via an exposed WebSocket on port 8082. The root cause is a malfunctioning WebSocket interface that allows crafted pages to send keyboard events, potentially opening applications and typing arbitrary text. Documented i...

CVE-2026-20868

CVE-2026-20868 is a heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) that enables remote code execution over the network. Public disclosures and vendor advisories (RRAS context) indicate this vulnerability affects Windows RRAS; Microsoft has released January 2026 sec...

Astra Linux – Vulnerability in binutils

A vulnerability has been discovered in GNU Binutils 2.43 and is classified as problematic. The vulnerability affects the function sanitizer::internalstrlen in the file binutils/nm.c of the nm component. Manipulation of the const argument leads to a buffer overflow. The attack can be launched...

MiracleLinux 7 : binutils-2.27-44.0.1.base.el7.1.AXS7 (AXSA:2025-9812:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9812:01 advisory. - CVE-2025-0840: fix stack-buffer-overflow at objdump disassemblebytes CVEs: CVE-2025-0840 A vulnerability, which was classified as problematic, was found in...

CVE-2026-22781 TinyWeb CGI Command Injection

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...