Linux Distros Unpatched Vulnerability : CVE-2026-28377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users t...

EUVD-2026-5645

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

CVE-2025-58445

CVE-2025-58445 concerns the Atlantis self-hosted Go application. The connected document GO-2025-3940 describes Atlantis exposing the service version publicly via the "/status" API endpoint in github.com/runatlantis/atlantis. The Initial document states that this information disclosure could allow...

CVE-2023-28442 Geoserver for GeoNode sensitive information leak

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...