252352 matches found
SUSE SLES15 Security Update : valkey (SUSE-SU-2026:1949-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1949-1 advisory. This update for valkey fixes the following issues - CVE-2026-23479: use-after-free in unblock client flow may lead to remote code...
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection (CVE-2026-27641)
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...
PT-2026-41932
Name of the Vulnerable Software and Affected Versions: GlassFish (affected versions not specified). Description: An authenticated Remote Code Execution (RCE) issue exists in the Administration Console. A user with access to the panel can send crafted requests to execute arbitrary operating system comman...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from a use-after-free in QUIC, which could allow remote attackers to execute arbitrary code within a...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from a use-after-free in WebRTC, which could allow remote attackers to execute arbitrary code through ...
Microsoft Defender Security Vulnerability
Microsoft Defender is a threat protection software developed by the American company Microsoft. There is a security vulnerability in Microsoft Defender, which stems from a heap buffer overflow. Unauthorized attackers may execute code through the network as a result of this vulnerability...
CtrlPanel.gg OS Command Injection Vulnerability
CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the Web installer performing the install.lock check...
CtrlPanel.gg Security Vulnerability
CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg prior to 1.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the management settings update endpoint accepting user-provided class names and using th...
PT-2026-42239
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: A heap buffer overflow occurs in WebRTC, which is a framework that enables real-time communication such as voice and video calling within web browsers. This issue allows a remote...
PT-2026-42238
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: A use-after-free issue in XR (Extended Reality) allows a remote attacker to execute arbitrary code via a crafted HTML page. Recommendations: Update to version 148.0.7778.179 or later...
RHEL 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RHSA-2026:19180)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19180 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...
RHEL 9 : mariadb:11.8 (RHSA-2026:19182)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19182 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: MariaDB: MariaDB: Remote Code...
SUSE SLES15 Security Update : valkey (SUSE-SU-2026:1950-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1950-1 advisory. This update for valkey fixes the following issues - CVE-2026-23479: use-after-free in unblock client flow may lead to remote code...
VulnCheck KEV: CVE-2026-34234
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and executing form handler...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from a use-after-free in the DOM, which could allow remote attackers to execute arbitrary code with...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability caused by a WebRTC heap buffer overflow. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through a specially...
TYPO3 Extension Site Crawler Code Issue Vulnerability
TYPO3 Extension Site Crawler is an open-source extension for TYPO3 that handles site crawling and indexing tasks. There are code vulnerabilities in TYPO3 Extension Site Crawler; these vulnerabilities stem from the direct deserialization of the X-T3Crawler-Meta response header, which may lead to...
PT-2026-41814
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
PT-2026-42013
Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0. Description: An authenticated admin-level user can achieve Remote Code Execution by supplying an arbitrary class name available in the Composer autoloader. The admin settings update endpoint accepts a fully...
PT-2026-42016
Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0. Description: The web-based installer at the endpoint "public/installer/index.php" allows unauthenticated Remote Code Execution (RCE), which is the ability to execute arbitrary commands on a remote machine. The...