
20 matches found

NVD
added yesterday, 4 views

CVE-2026-44281

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

7 CVSS
Exploits: 0, References: 1
SUSE Linux
added yesterday, 4 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service (bsc#1259554); CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7 CVSS, 7.5 AI score, 0.00043 EPSS
Exploits: 0, References: 26
Positive Technologies
added yesterday, 4 views

PT-2026-45960

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

7 CVSS, 5.8 AI score
Exploits: 0, References: 2
EUVD
added 2026/05/07 3:38 p.m., 5 views

EUVD-2026-28367

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute,...

5.9 AI score, 0.00063 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/05/07 12:00 a.m., 22 views

CVE-2026-30496

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute,...

0.00063 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/04/22 12:00 a.m., 2 views

Tanium Threat Response Information Disclosure Vulnerability

Tanium Threat Response is a core security module for endpoint detection and response developed by the American company Tanium. Tanium Threat Response has an information leakage vulnerability. This vulnerability stems from allowing authenticated Tanium users with threat response configuration-read...

2.7 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/14 2:25 a.m., 1 views

CVE-2026-6227

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the blockname parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive str_replace() sanitization of path traversal sequences. This makes it possible for...

7.2 CVSS, 6.5 AI score, 0.00136 EPSS
Exploits: 1, References: 7
Tenable Nessus
added 2026/02/16 12:00 a.m., 15 views

RHEL 9 : kernel (RHSA-2026:2759)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2759 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: xHCI driver...

7.8 CVSS, 7.1 AI score, 0.03752 EPSS
Exploits: 2, References: 19
OSV
added 2026/02/02 12:00 a.m., 2 views

ALSA-2026:1661 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (CVE-2024-26766); kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in...

7.8 CVSS, 7.9 AI score, 0.03752 EPSS
Exploits: 2, References: 22
OSV
added 2026/01/07 6:51 p.m., 1 views

GHSA-2PHV-J68V-WWQX pnpm vulnerable to Command Injection via environment variable substitution

Summary: A command injection vulnerability exists in pnpm when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution (RCE) in build environments...

7.5 CVSS, 8.5 AI score, 0.0008 EPSS
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2015-4648

Malware in sbrugna...

9.8 CVSS, 9.5 AI score, 0.02117 EPSS
Exploits: 0, References: 3
OSV
added 2023/05/11 8:47 p.m., 16 views

GHSA-WC64-C5RV-32PF in-toto vulnerable to Configuration Read From Local Directory

Impact: The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification [1]. Among the files read is .intotorc which is a hidden file in the directory in which in-tot...

5.5 CVSS, 5.5 AI score, 0.00071 EPSS
Exploits: 0, References: 8
CNNVD
added 2022/04/08 12:00 a.m., 0 views

CLARO KAON CG3000 Access Control Error Vulnerability

The CLARO KAON CG3000 is a router from the Brazilian company CLARO. An access control error vulnerability exists in the CLARO KAON CG3000 version 1.00.67. The vulnerability allows an attacker to read or update the configuration without authentication...

8 CVSS, 7.7 AI score, 0.00095 EPSS
Exploits: 1, References: 2
exploitpack
added 2020/01/16 12:00 a.m., 187 views

Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal

Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal. Exploit Title: Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal; Date: 2019-12-17; CVE: CVE-2019-19781; Vulnerability: Path Traversal; Vulnerability Discovery: Mikhail Klyuchnikov; Exploit Author:...

7.5 CVSS, 0.7 AI score, 0.94442 EPSS
Exploits: 48
CNVD
added 2018/06/07 12:00 a.m., 2 views

CloudBees Jenkins Black Duck Hub Plugin Incorrect Authorization Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees, used mainly to monitor continuous software release/testing projects and to run scheduled tasks. Black Duck Hub Plugin is used in one...

8.1 CVSS, 7.9 AI score, 0.00045 EPSS
Exploits: 0, References: 1
OSV
added 2018/05/17 7:29 p.m., 0 views

CVE-2018-10729

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user...

5.3 CVSS, 5.8 AI score, 0.00234 EPSS
Exploits: 0, References: 3
CNVD
added 2016/10/10 12:00 a.m., 3 views

Drupal Core Access Bypass Vulnerability (CNVD-2016-08687)

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A security vulnerability in the system.temporary route in version 8.x of Drupal prior to 8.1.10 can be exploited by a remote attacker to bypass established access...

4.3 CVSS, 6.9 AI score, 0.00252 EPSS
Exploits: 0, References: 1
OSV
added 2016/04/07 7:59 p.m., 2 views

DEBIAN-CVE-2016-1714

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly...

8.1 CVSS, 9.4 AI score, 0.00343 EPSS
Exploits: 0, References: 1
Prion
added 2012/05/02 10:09 a.m., 14 views

Design/Logic Flaw

Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640...

3.6 CVSS, 7 AI score, 0.00069 EPSS
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2007/12/20 8:46 p.m., 1 views

CVE-2007-6476

GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function...

5 CVSS, 5.5 AI score, 0.05896 EPSS
Exploits: 0, References: 4