166 matches found
CVE-2026-45039 RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...
Astra Linux - vulnerability in jetty9
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary file whose name contains...
Aureus ERP code injection vulnerability
Aureus ERP is an enterprise resource planning system developed by aureuserp. Versions of Aureus ERP 1.3.0-BETA2 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters “subject” and “body” in the file...
CVE-2025-61598 Discourse is missing Cache-Control response header on error responses
Discourse is an open source discussion platform. In versions before 3.6.2 and 3.6.0.beta2, the default Cache-Control response header with value no-store, no-cache was missing from error responses. This may have caused unintended caching of those responses by proxies, potentially leading to cache poisoning...
EUVD-2006-2486
Malware in sbrugna...
EUVD-2015-5069
Malware in sbrugna...
EUVD-2012-2657
Malware in sbrugna...
FreeBSD : openvpn-devel -- script injection vulnerability from trusted but malicious server (e5cf9f44-9a64-11f0-8241-93c889bb8de1)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e5cf9f44-9a64-11f0-8241-93c889bb8de1 advisory. Gert Doering reports: Notable changes beta1 - beta2 are: ... add proper input sanitation to DNS strings...
Linux Distros Unpatched Vulnerability : CVE-2019-6472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0,...
CVE-2025-9384
A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading t...
DEBIAN-CVE-2025-9384
A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading t...
UBUNTU-CVE-2025-9384
A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading t...
CVE-2025-9384 appneta tcpreplay parse_args.c tcpedit_post_args null pointer dereference
A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading t...
CVE-2025-9384
CVE-2025-9384 affects appneta tcpreplay up to version 4.5.1. The vulnerability is in tcpedit_post_args (src/tcpedit/parse_args.c) and can cause a null pointer dereference. Exploitation requires local access, and public proof-of-concept details exist. Remediation available via upgrade to 4.5.2-bet...
io.airlift:http-server (=324), io.airlift:jmx-http (=324) +5 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-server (>=12.1.0.alpha0 <=12.1.0.beta2)
org.eclipse.jetty.http2:jetty-http2-server MAVEN version =12.1.0.alpha0, =12.1.0.alpha2, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.beta2 Source cves: CVE-2025-5115 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-12047652...
PT-2025-33863
Name of the Vulnerable Software and Affected Versions: appneta tcpreplay versions through 4.5.2-beta2 Description: A use-after-free issue exists in the tcprewrite component, specifically within the untrunc packet function of the src/tcpedit/edit packet.c file. This can be exploited locally. The...
ZPan security vulnerability
ZPan is a cloud storage based web disk system by the individual developer Jasper Van. A security vulnerability exists in ZPan 1.6.5 and 1.7.0-beta2 and earlier versions, which stems from the use of hard-coded passwords...