16 matches found
CVE-2026-48523
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode_complete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...
PT-2025-47560
Name of the Vulnerable Software and Affected Versions
Grafana versions 12.0.0 through 12.2.1
Grafana versions 12.0.6, 12.1.3, 12.1.4, 12.2.1, and 12.3.0
Description
A critical vulnerability exists in Grafana Enterprise versions 12.x related to the System for Cross-domain Identity Management SCIM...
Oracle Linux 9 : python3.11 (ELSA-2024-11111)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-11111 advisory. 3.11.9-7.2 - Security fix for CVE-2024-9287 Resolves: RHEL-64882 Tenable has extracted the preceding description block directly from the Oracle Linux security...
ICONICS GENESIS64 and Mitsubishi Electric MC Works64
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: ICONICS, Mitsubishi Electric
Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64
Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may...
A Vulnerability Disclosure Program is not just a page on a web site
It’s great to see an increasing number of organisations starting down the path of a Vulnerability Disclosure Program or ‘VDP,’ but it increasingly strikes me that these are ‘check box’ exercises rather than a genuine desire to interact positively with researchers and improve security. A VDP is a...
MGASA-2018-0467 Updated flash-player-plugin packages fix security vulnerability
A critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. CVE-2018-15981...
CVE-2018-0112
creationtimestamp| type| source
---|---|---
2018-04-21 13:02:48+00:00| seen| https://t.me/informationsecuritychannel/16605
2018-12-31 07:31:23+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/cisco-korjasi-kriittisia-haavoittuvuuksia...
Cross site request forgery (csrf)
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:1475)
An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which give...
Denial of Service vulnerability in War FTP Daemon 1.82
Late last week, security researchers at jura.ba reported a Denial of Service vulnerability in War FTP Daemon 1.82. The problem was rooted in the way log messages were relayed from the internal log handler to the Windows Event log when the server was running as a Windows service. Theoretically, it...
Critical: Red Hat Security Advisory: firefox security, bug fix, and enhancement update
An updated firefox package that addresses security issues, fixes bugs, adds numerous enhancements, and upgrades Firefox to version 3.6.4, is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common...
Kaspersky AntiVirus and Internet Security Unspecified Vulnerability
This host is installed with Kaspersky AntiVirus or Internet Security and is prone to an unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbkasperskyprdtssecbypassvulnaug09.nasl 6516 2017-07-04 12:20:47Z cfischer $ Kaspersky AntiVirus and Internet Security Unspecified Vulnerability...
CVE-2009-2647
CVE-2009-2647 affects Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 prior to Critical Fix 9.0.0.463. The vulnerability is described as unspecified and allows remote attackers to disable the protection provided by Kaspersky software via unknown attack vectors unrelated to external...
Code injection
Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 3.0.278.4 sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges...
ExLibris Aleph and Metalib Cross Site Scripting Attack
ExLibris Aleph and Metalib Cross Site Scripting Attack
------------------------------------------------------
Matthew Cook
Date 16/07/2007
http://escarpment.net/
http://escarpment.net/exlibris.txt
Attack: Multiple versions of the ExLibris http://www.exlibrisgroup.com/ Aleph and Metalib products a...
Kaspersky Anti-Virus for Check Point FireWall-1 Unspecified DoS
The version of Kaspersky Anti-Virus for Check Point FireWall-1 installed on the remote host suffers from an as-yet unspecified issue in which the antivirus kernel may freeze. ...