22 matches found

NVD
added 2026/06/05 7:16 p.m. · 7 views

CVE-2026-46392

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

8.7 CVSS · 0.00031 EPSS
Exploits 0 · References 1

RedHat Linux
added 2026/05/07 4:51 a.m. · 7 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7 CVSS · 6.7 AI score · 0.00021 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2026/02/13 12:0 a.m. · 4 views

AlmaLinux 8 : firefox (ALSA-2026:0667)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:0667 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...

9.8 CVSS · 5.7 AI score · 0.0002 EPSS
Exploits 0 · References 15

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-3943

Malicious code in bioql PyPI...

10 CVSS · 9.3 AI score · 0.07683 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-0376

Malicious code in bioql PyPI...

6.5 CVSS · 6.8 AI score · 0.00198 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/05/23 12:0 a.m. · 3 views

PT-2024-40494 · Unknown · Forum Module

Name of the Vulnerable Software and Affected Versions: Forum module affected versions not specified Description: The issue allows malicious users, such as spammers, to create members and post to forums using GET requests, bypassing CSRF and anti-spam measures. Additionally, a forum moderator can ...

5.3 CVSS · 6.9 AI score
Exploits 0 · References 6

Rapid7 Blog
added 2024/01/23 6:42 p.m. · 80 views

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user...

7.5 CVSS · 7.6 AI score · 0.94378 EPSS
Exploits 20

NVD
added 2023/09/27 3:19 p.m. · 22 views

CVE-2023-41981

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations...

4.4 CVSS · 4.9 AI score · 0.00007 EPSS
Exploits 0 · References 18

Cvelist
added 2023/09/26 8:14 p.m. · 21 views

CVE-2023-41981

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations...

6 AI score · 0.00007 EPSS
Exploits 0 · References 12

OSV
added 2023/09/07 2:15 p.m. · 1 views

CVE-2021-44191

Adobe After Effects versions 22.0 and earlier and 18.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

3.3 CVSS · 6.2 AI score
Exploits 0 · References 1

OSV
added 2023/02/13 5:59 p.m. · 6 views

GSD-2023-1002261 bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation

bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.272 by commi...

7.2 AI score
Exploits 0

OSV
added 2023/02/13 5:40 p.m. · 8 views

GSD-2023-1002084 bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation

bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.91 by commit...

7.2 AI score
Exploits 0

OpenVAS
added 2022/12/15 12:0 a.m. · 17 views

SUSE: Security Advisory (SUSE-SU-2022:4488-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.5 AI score · 0.00461 EPSS
Exploits 1 · References 2

RedhatCVE
added 2022/09/30 5:18 p.m. · 41 views

CVE-2022-39955

A flaw was found in the OWASP ModSecurity Core Rule Set. A specially crafted HTTP Content-Type header field allows an encoded payload to bypass detection, which may be decoded in the back-end application...

7.3 CVSS · 1.4 AI score · 0.00779 EPSS
Exploits 0 · References 4

OSV
added 2022/08/31 8:15 p.m. · 2 views

CVE-2022-34383

Dell Edge Gateway 5200 EGW versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM...

8.2 CVSS · 6.2 AI score · 0.00475 EPSS
Exploits 0 · References 1

CNVD
added 2022/08/11 12:0 a.m. · 39 views

Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07323)

Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigation measures such as ASLR and cause sensitive memory leaks...

5.5 CVSS · 4.7 AI score · 0.0022 EPSS
Exploits 0 · References 1

CVE
added 2020/02/24 3:7 p.m. · 49 views

CVE-2020-9362

Technical details about CVE-2020-9362 are not publicly available within the provided documents. The records show a virus-detection bypass in the Quick Heal AV parsing engine via crafted ZIP files, but no concrete affected versions, components, or fixes are disclosed here. Monitor for updates.

7.8 CVSS · 7.5 AI score · 0.00213 EPSS
Exploits 0 · References 4 · Affected Software 6

CVE
added 2019/12/13 12:21 p.m. · 179 views

CVE-2019-18802

CVE-2019-18802 affects Envoy 1.12.0. An untrusted remote client can send an HTTP header (e.g., Host) with trailing whitespace, causing Envoy to treat "header-value " and "header-value" as different strings and potentially bypass Host matchers. The linked records (including openSUSE/SUSE advisories) as...

9.8 CVSS · 9.2 AI score · 0.00045 EPSS
Exploits 1 · References 5 · Affected Software 1

OpenVAS
added 2019/01/12 12:0 a.m. · 33 views

openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2019:0042-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9 CVSS · 8 AI score · 0.44097 EPSS
Exploits 5 · References 2

Oracle linux
added 2018/06/25 12:0 a.m. · 106 views

kernel security and bug fix update

2.6.32-754.OL6 - Update genkey bug 25599697 2.6.32-754 - powerpc 64s: Add support for a store forwarding barrier at kernel entry/exit Mauricio Oliveira 1581053 CVE-2018-3639 - x86 amd: Disable AMD SSBD mitigation in a VM Waiman Long 1580360 - x86 specctrl: Fix late microcode problem with AMD Waim...

10 CVSS · 9 AI score · 0.9427 EPSS
Exploits 98