PT-2026-43251

Name of the Vulnerable Software and Affected Versions gix-submodule versions prior to 0.29.0 gitoxide versions prior to 0.5.21 gix versions prior to 0.84.0 Description Incorrect validation of the update field in .gitmodules allows attackers to bypass the CommandForbiddenInModulesConfiguration gua...

PT-2026-43439

Name of the Vulnerable Software and Affected Versions ctdb versions prior to 4.23.8+git.477.f78166bceed-1.1 Description A denial of service issue exists against the AD DC WINS server. Recommendations Update to version 4.23.8+git.477.f78166bceed-1.1...

RHEL 8 : gimp:2.8 (RHSA-2026:20554)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20554 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

Linux Distros Unpatched Vulnerability : CVE-2026-4480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the print command...

RHEL 8 : gimp:2.8 (RHSA-2026:20553)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20553 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

IBM WebSphere Application Server 8.5.x / 9.x RCE (7274072)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7274072 advisory. - IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and...

TencentOS Server 3: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good (TSSA-2026:0391)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0391 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: fontforge (TSSA-2026:0357)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0357 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Important: mod_http2

Issue Overview: Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. CVE-2026-23918 Affected Packages: modhttp2 Issue Correction: Run dnf...

FreeRDP 安全漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the gdiCacheToSurface function, which could allow remote attackers ...

CVE-2026-4408

Unauthenticated Remote Code Execution in Samba DCE/RPC SAMR server...

Important: dnsmasq

Issue Overview: A Denial of Service DoS vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. CVE-2026-4890 A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause...

CVE-2026-48689

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamicbinarybuffert class src/dynamicbinarybuffer.hpp. Five methods appenddynamicbuffer, appenddataaspointer, appenddataasobjectptr, memcpyfromptr, memcpyfromobjectptr use an incorrect bounds chec...

IBM HTTP Server 代码注入漏洞

IBM HTTP Server is an enterprise-level web server software developed by International Business Machines IBM. Versions 8.5 and 9.0 of IBM HTTP Server contain code injection vulnerabilities. These vulnerabilities stem from configurations involving TLS mutual authentication, which may lead to remote...

Important: php8.4

Issue Overview: Global buffer over-read in mbconvertencoding with attacker-supplied encoding CVE-2026-6104 In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a...

PT-2026-43365

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

Unauthenticated Remote Code Execution

Description Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. This leads to a remote code execution vulnerability. Print servers configured with "printing...

Unauthenticated Remote Code Execution

Description Samba file servers and classic non-AD domain controllers offer the SamValidatePasswordChange and SamValidatePasswordReset RPC services on the SAMR DCE/RPC service when running over NCACNIPTCP. Both services pass a username and password to the "check password script" that can be...

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty 代码注入漏洞

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain a code injection vulnerability that can be exploited by remote code execution attacks...

📄 WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection

This Metasploit module is for WordPress Supsystic Contact Form plugin versions 1.7.36 and below. The plugin suffers from a server-side template injection vulnerability that allows for remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...