PT-2026-47224

DelegatedRole. is target in pathpattern uses fnmatch.fnmatch to decide whether a given target path is authorized by a delegation's glob pattern. Python's fnmatch.fnmatch calls os.path.normcase on both arguments before matching. On POSIX hosts normcase is the identity function; on Windows hosts...

Linux Distros Unpatched Vulnerability : CVE-2026-44307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory...

CVE-2026-34354

CVE-2026-34354 affects Akamai Guardicore Platform Agent (GPA) on Linux/macOS and Akamai Zero Trust Client, versions 7.0–7.3.1 and 6.0–6.1.5 respectively. The vulnerability is TOCTOU-based local privilege escalation caused by the GPA service creating a world-writable IPC socket in /tmp and accepti...

CVE-2025-62768

Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows...

EUVD-2018-15998

Malware in sbrugna...

EUVD-2018-7368

Malware in sbrugna...

EUVD-2025-9915

Malicious code in bioql PyPI...

EUVD-2024-31812

Malicious code in bioql PyPI...

EUVD-2025-7415

Malicious code in bioql PyPI...

EUVD-2023-57437

Malicious code in bioql PyPI...

EUVD-2025-16339

Malicious code in bioql PyPI...

Security Vulnerabilities fixed in Thunderbird 128.10 — Mozilla

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

Security Vulnerabilities fixed in Firefox ESR 128.10 — Mozilla

Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file...

CVE-2025-27556

Django 5.1 before 5.1.8 and 5.0 before 5.0.14 are affected by a Windows‑specific DoS due to slow NFKC normalization. Vulnerable components include django.contrib.auth.views.LoginView/LogoutView and django.views.i18n.set_language, as well as redirect handling that normalizes URLs. Patches are avai...

CVE-2025-27556

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.setlanguage are subject to a potential denial-of-service attack v...

CVE-2025-27837

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gpmswin.c and base/winrtsup.cpp...

Subnet mask missing in Windows once PVS target is booted via BDM

When booting a PVS target using a BDM with static IP and having DHCP enabled in the vdisk, Windows may be missing its subnet mask...

UBUNTU-CVE-2024-47535

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts ...

CVE-2024-8926

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows...

CVE-2024-33867

An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt...