CVE-2026-41284 Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are recommended to upgrade ...

CVE-2026-43176 affecting package kernel for versions less than 6.6.137.1-2

CVE-2026-43176 affecting package kernel for versions less than 6.6.137.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2026-7423 Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP

Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service device crash when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without...

EUVD-2026-26275

Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection...

CVE-2026-40466

CVE-2026-40466 affects Apache ActiveMQ components (Broker, All, and ActiveMQ) with vulnerable versions prior to 5.19.6 and 6.0.0–6.2.4/6.2.5 before patch. The issue is due to improper input validation and code injection: an authenticated attacker can bypass CVE-34197 by adding a network connector...

Linux Distros Unpatched Vulnerability : CVE-2025-59032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it...

EUVD-2026-16559

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

ALPINE-CVE-2026-27857

Sending "NOOP ..." command with 4000 parenthesis open+close results in 1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single I...

[SECURITY] [DSA 6166-1] nodejs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6166-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 17, 2026 https://www.debian.org/security/faq -...

CVE-2025-38685 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-38685 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-3704

A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit ha...

Debian dsa-6158 : imagemagick - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6158 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6158-1 [email protected] https://www.debian.org/securit...

CVE-2026-27495 n8n has a Sandbox Escape in its JavaScript Task Runner

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...

XXE (XML External Entity Injection) org.apache.jackrabbit:jackrabbit-spi-commons Dependency in Confluence Data Center and Server

This High severity XXE XML External Entity Injection vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an...

XXE (XML External Entity Injection) in Jira Service Management Data Center and Server

This High severity XXE XML External Entity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, and 11.1.0 of Jira Service Management Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 8.4 and a CVSS Vector of...

Prototype Pollution Third-Party Dependency in Confluence Data Center and Server - CVE-2022-46175

This High severity vulnerability known as CVE-2022-46175 was introduced in 7.19.0, 8.5.0, 8.6.0, 8.8.0, 8.7.1, 8.9.0, 9.1.0, 9.0.1, 9.2.0, 9.3.1 of Confluence Data Center and Server. This vulnerability with a CVSS Score of 7.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H...

Linux Distros Unpatched Vulnerability : CVE-2025-31651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was...

PT-2025-3170 · Wordpress Monsters · Preloader

Name of the Vulnerable Software and Affected Versions: Preloader by WordPress Monsters versions 1.2.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential...

PT-2024-36641 · Unknown · Navayan Csv Export

Name of the Vulnerable Software and Affected Versions: Navayan CSV Export versions 1.0.9 and earlier Description: The issue is related to the improper neutralization of special elements used in an SQL command, allowing Blind SQL Injection. This problem enables attackers to inject malicious SQL...

PT-2024-32992 · Thinkphp · Thinkphp

Name of the Vulnerable Software and Affected Versions: Thinkphp versions 6.1.3 through 8.0.4 Description: A deserialization issue in the controllerIndex.php component allows attackers to execute arbitrary code. Recommendations: For versions 6.1.3 through 8.0.4, update to a version that contains a...