Exploit for Deserialization of Untrusted Data in Drupal

CVE-2019-6340 — Drupal RESTful Web Services RCE Python imple...

Astra Linux - уязвимость в xen

A issue was discovered in Xen versions 4.9 through 4.14.x. On the ARM architecture, a guest can control whether memory accesses bypass the cache. This means that Xen needs to ensure that all writes such as those during scrubbing have reached the memory before handing over the page to the guest...

CVE-2026-41402

OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver...

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

PT-2026-35779

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An issue exists in Plivo V3 signature verification where the system canonicalizes query ordering for signatures but hashes raw URLs for replay detection. This allows attackers to reorder query...

PT-2026-35558

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A path traversal issue exists in the ACP dispatch component. This allows remote attackers to read arbitrary files by manipulating inbound channel attachment paths, bypassing the root directory...

CVE-2026-39394

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which...

CVE-2026-33496

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

Linux Distros Unpatched Vulnerability : CVE-2026-2791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

Azure Linux 3.0 Security Update: prometheus-process-exporter (CVE-2022-46146)

The version of prometheus-process-exporter installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-46146 advisory. - Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions...

Linux Distros Unpatched Vulnerability : CVE-2021-3907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OctoRPKI does not escape a URI with a filename containing .., this allows a repository to create a file, ex...

EUVD-2000-0617

Malware in sbrugna...

Unsafe Dependency Resolution

Overview @nx/azure-cache is an A Nx plugin which provides a Nx cache which can be self hosted on Azure Blob Storage. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the build cache process. An attacker can inject compromised artifacts into trusted production...

Important: squid

Issue Overview: An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decod...

Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions

Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359. "These attacks likely rely on access to multiple virtual private servers VPS in conjunction with rented cloud...

DEBIAN-CVE-2022-46146

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

DEBIAN-CVE-2021-26933

An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes such as the ones during scrubbing have reached the memory before handing over the page to a guest...

SUSE SLES12 Security Update : squid (SUSE-SU-2020:1227-1)

This update for squid fixes the following issues : CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses bsc1169659. CVE-2020-11945: fixes a potential remote execution...