PT-2026-43256

Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.22.10 Samba versions prior to 4.23.8 Samba versions prior to 4.24.3 Description A flaw exists in the Samba printing subsystem where the software passes a client-controlled job description string to the command...

RHEL 8 : gimp:2.8 (RHSA-2026:20552)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20552 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ngtcp2 vulnerability (USN-8300-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8300-1 advisory. Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : NLTK vulnerabilities (USN-8302-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8302-1 advisory. It was discovered that NLTK incorrectly validated file paths when opening files...

Important: php8.2

Issue Overview: In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains...

PT-2026-44504

CVE-2026-43919 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID :CVE-2026-43919 Published : May 26, 2026, 3:16 p.m. | 53 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-43918. Reason: This candidate is a duplicate of...

Grav CMS 2.0.0-beta.2 - Remote Code Execution

Exploit Title: Grav CMS 'onPluginsInitialized', 0; public function onPluginsInitialized: void $shellpath = GRAVROOT . '/shell.php'; if !fileexists$shellpath fileputcontents$shellpath, '';...

SUSE SLES15 Security Update : php8 (SUSE-SU-2026:2037-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2037-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2026-1727)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1727 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a globa...

PT-2026-43447

Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...

TencentOS Server 3: libtiff (TSSA-2026:0372)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0372 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

PT-2026-43370

Name of the Vulnerable Software and Affected Versions IBM HTTP Server versions 8.5 and 9.0 IBM WebSphere Application Server versions 8.5 and 9.0 IBM WebSphere Application Server Liberty versions 8.5 and 9.0 Description IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty...

PT-2026-43364

Name of the Vulnerable Software and Affected Versions IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty versions 8.5 through 9.0 Description Remote code execution is possible in the Web Server Plug-ins when processing a specially crafted request. This issue allows an...

HP LaserJet Printers Insecure Default Initialization of Resource (CVE-2011-4161)

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables...

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty 环境问题漏洞

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain environmental issues vulnerabilities. These vulnerabilities stem from improper input validation, which may lead...

Velocity.js 安全漏洞

Velocity.js is a JavaScript implementation of the Apache Velocity template engine developed by Eward. Versions of Velocity.js 2.1.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution during the processing of set directives. Attackers could modif...

ROS-20260526-73-0007

A vulnerability in the lzmaindexappend function of the XZ Utils data compression package is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

RHEL 9 : gimp (RHSA-2026:20691)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20691 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2026-1726)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1726 advisory. Global buffer over-read in mbconvertencoding with attacker-supplied encoding CVE-2026-6104 In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, th...

PT-2026-43368

Name of the Vulnerable Software and Affected Versions IBM HTTP Server version 8.5 IBM HTTP Server version 9.0 Description Remote code execution and denial of service are possible in configurations that utilize TLS mutual authentication, also known as client authentication, which is a process wher...