192404 matches found
PT-2026-28671
Name of the Vulnerable Software and Affected Versions code-projects Simple Laundry System version 1.0 Description A security flaw exists in code-projects Simple Laundry System 1.0. The issue affects an unknown function within the file /modstaffinfo.php of the Parameter Handler component...
CVE-2026-27855
Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...
PT-2026-28585
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.7 Description WeGIA is a web manager for charitable institutions. Versions prior to 3.6.7 contain a flaw in the html/socio/sistema/deletar tag.php file. This file utilizes the extract$ REQUEST function on line 14, a...
PT-2026-28278
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...
PT-2026-28460
Name of the Vulnerable Software and Affected Versions wazuh-manager versions prior to 4.7.4 Description The authd service in Wazuh Manager contains an improper restriction of client-initiated SSL/TLS renegotiation. This allows remote attackers to cause a denial of service by sending excessive...
Medium: lcms2
Issue Overview: A heap buffer overflow vulnerability has been identified in thesmooth2 in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color...
CVE-2026-30569
CVE-2026-30569 affects SourceCodester Sales and Inventory System 1.0. The flaw is a reflected XSS in view_stock_availability.php triggered through the limit parameter, with the app failing to sanitize input. This enables an attacker to inject arbitrary script/HTML via a crafted URL. CVSSv3.1 base...
VMware Spring AI 安全漏洞
VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities within the Spring ecosystem. Versions of VMware Spring AI prior to 1.0.5 and 1.1.4 contained security vulnerabilities. These vulnerabilities...
CVE-2025-59031
Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...
strongSwan CVE-2026-25075 Vulnerability Assessment Tool
This tool allows you to safely detect whether a strongSwan VPN server is vulnerable to CVE-2026-25075 without causing any disruption. CVE-2026-25075 is an integer underflow vulnerability in strongSwan's EAP-TTLS plugin that allows remote, unauthenticated attackers to crash the IKE daemon through ...
SourceCodester Inventory System 跨站脚本漏洞
The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the limit parameter in the viewsales.php file. It is...
Open-Xchange OX Dovecot Pro 安全漏洞
Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability that can be exploited under certain conditions, leading to a replay attack, which may allow attackers to log in as users...
CVE-2026-27856
Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...
Digital Bazaar Forge 数据伪造问题漏洞
Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it is an open-source tool used for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 had a data manipulation vulnerability...
UBUNTU-CVE-2026-27860
If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...
ROS-20260327-73-0006
A vulnerability in the Golang programming language is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
UBUNTU-CVE-2026-27856
Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...
Aqua Security Trivy 0.69.4 Supply Chain Compromise (GHSA-69fq-xp46-6x23)
The version of Aqua Security Trivy installed on the remote host is 0.69.4. This version was published by a threat actor using compromised credentials as part of a supply chain attack. The malicious release contains credential-stealing malware designed to exfiltrate secrets such as SSH keys, cloud...
Linux Distros Unpatched Vulnerability : CVE-2026-33898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication...
SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2026:1058-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1058-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to 'MadeYouReset' DoS attack bsc1243895. -...