
23 matches found

Cvelist
added 2026/05/27 4:45 p.m. · 37 views

CVE-2026-4391 TeamSpeak 3 Server ECC Key heap-based overflow

A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. This vulnerability affects unknown code of the component ECC Key Parser. Such manipulation leads to heap-based buffer overflow. The attack may be launched remotely. Upgrading to version 3.13.8 is able to resolve this...

CVSS 6.9 · EPSS 0.00055
Exploits 0 · References 5
EUVD
added 2026/05/24 7:45 a.m. · 10 views

EUVD-2026-31576

A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNCDECODER of the file src/dissectors/ecgg.c of the component GG Dissector. Manipulation of the argument gg leads to a heap-based buffer overflow. The attack can be carried out remotely. The...

CVSS 6.3 · AI score 5.7 · EPSS 0.00076
Exploits 0 · References 7
Tenable Nessus
added 2026/05/09 12:00 a.m. · 4 views

Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-114 (ALASECS-2026-114)

The version of runc installed on the remote host is prior to 1.3.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-114 advisory. Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler...

CVSS 9.8 · AI score 6.9 · EPSS 0.00022
Exploits 0 · References 18
Debian
added 2026/04/26 8:43 a.m. · 4 views

[SECURITY] [DLA 4549-1] thunderbird security update

Debian LTS Advisory DLA-4549-1 · [email protected] · https://www.debian.org/lts/security/ · Emilio Pozuelo Monfort · April 26, 2026 · https://wiki.debian.org/LTS ...

CVSS 9.8 · AI score 5.9 · EPSS 0.0007
Exploits 1
RedhatCVE
added 2026/04/20 7:23 p.m. · 4 views

CVE-2026-40948

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

CVSS 5.4 · AI score 5.7 · EPSS 0.00024
Exploits 0 · References 1
OSV
added 2026/03/08 5:16 a.m. · 4 views

CVE-2026-3703

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub401A10 of the file /cgi-bin/login.cgi. Manipulation of the argument ipaddr can lead to an out-of-bounds write. The attack may be performed remotely. The exploit has been published and may be used. Upgrading...

CVSS 9.8 · AI score 5.5 · EPSS 0.00295
Exploits 1 · References 6
Nuclei
added 2026/02/04 7:00 a.m. · 72 views

Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE

The Yeti Platform " verified: true max-request: 4 tags: cve,cve2024,yeti,platform,ssti,rce,intrusive,vkev,vuln variables: username: "username" password: "password" http: - raw: - | POST /api/v2/auth/token HTTP/1.1 Host: Hostname Content-Type:...

CVSS 7.3 · AI score 7.7 · EPSS 0.00277
Exploits 2 · References 1
Positive Technologies
added 2025/12/24 12:00 a.m. · 3 views

PT-2025-53083

Name of the Vulnerable Software and Affected Versions: Real 3D FlipBook versions through 4.11.4. Description: The Real 3D FlipBook plugin contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting (XSS) condition. This allows an attacke...

CVSS 5.4 · AI score 5.9 · EPSS 0.00029
Exploits 0 · References 4
Tenable Nessus
added 2025/12/09 12:00 a.m. · 3 views

Unity Linux 20.1070e Security Update: ncurses (UTSA-2025-991104)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991104 advisory. A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocesstermcap of the fil...

CVSS 4.8 · AI score 4.1 · EPSS 0.00077
Exploits 0 · References 4
CVE
added 2025/10/05 1:02 a.m. · 8 views

CVE-2025-11276

CVE-2025-11276 affects Rebuild up to 4.1.3, with the Comment/Guestbook component vulnerable to cross-site scripting via remote manipulation. Upgrade to 4.1.4 to fix. Public exploitation status is not detailed in the provided documents; multiple sources note vendor confirmation in private communic...

CVSS 5.1 · AI score 3.9 · EPSS 0.00029
Exploits 0 · References 4
RedhatCVE
added 2025/05/30 8:56 a.m. · 14 views

CVE-2025-27528

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...

CVSS 9.1 · AI score 7 · EPSS 0.00358
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 8:42 a.m. · 4 views

CVE-2024-23349

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. XSS attack when a user enters a summary. A logged-in user, when modifying their own submitted question, can input malicious code in the...

CVSS 5.4 · AI score 6.1 · EPSS 0.04798
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 3:16 p.m. · 12 views

CVE-2020-17531

A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to...

CVSS 9.8 · AI score 6.7 · EPSS 0.64089
Exploits 1
RedhatCVE
added 2025/02/04 11:31 p.m. · 8 views

CVE-2024-39911

1Panel is a web-based Linux server management control panel. 1Panel contains an unspecified SQL injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVSS 10 · AI score 7.1 · EPSS 0.68287
Exploits 2 · References 1
OSV
added 2025/01/23 9:15 p.m. · 2 views

CVE-2025-23012

Fedora Repository 3.8.x includes a service account fedoraIntCallUser with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version 6.5.1 as of...

CVSS 8.7 · AI score 6.6
Exploits 0 · References 4
Tenable Nessus
added 2025/01/10 12:00 a.m. · 5 views

Mozilla Thunderbird SEoL (24.x)

According to its version, the Mozilla Thunderbird installation on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may...

AI score 5.6
Exploits 0 · References 1
Github Security Blog
added 2024/12/16 7:33 p.m. · 27 views

ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion

Summary ASA-2024-0012 Name: ASA-2024-0012, Transaction decoding may result in a stack overflow Component: Cosmos SDK Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: cosmos-sdk versions = v0.50.10, = v0.47.14 Affected users: Chain Builders + Maintainer...

AI score 7.1
Exploits 0 · References 5 · Affected Software 2
Positive Technologies
added 2024/02/01 12:00 a.m. · 4 views

PT-2024-19996 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.12 Description: A malicious URL can be used to execute XSS on reports pages. This issue affects GLPI, a Free Asset and IT Management Software package. Recommendations: For versions prior to 10.0.12, upgrade to...

CVSS 10 · AI score 7 · EPSS 0.94395
Exploits 27 · References 159
OSV
added 2022/12/09 6:15 p.m. · 2 views

DEBIAN-CVE-2022-23483

xrdp is an open source project which provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contains an Out of Bound Read in the libxrdpsendtochannel function. There are no known workarounds for this issue. Users are advised to upgrade...

CVSS 9.1 · AI score 7.6 · EPSS 0.00396
Exploits 0 · References 1
Prion
added 2022/04/18 10:15 p.m. · 18 views

Authorization

fleetdm/fleet is an open source device management platform built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without teams, or with teams but without restricted team accounts, are not affected. In affected versions a te...

CVSS 5.5 · AI score 8 · EPSS 0.00211
Exploits 0 · References 2 · Affected Software 1