Netgear-WN604 downloadFile.php - Information Disclosure

There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...

Bosch Security Systems IP Cameras Uncontrolled Resource Consumption (CVE-2023-32229)

Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option signing of the video stream with option MD5, SHA-1 or SHA-256. This plugin only works with Tenable.ot...

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

Guardrails 安全漏洞

Guardrails is a Python framework open source by Guardrails AI. Version 0.10.1 of Guardrails contains a security vulnerability. This vulnerability stems from the release of a malicious version to PyPI, which may cause damage to user systems...

Supermicro AS-2115HS-TNR BMC 安全漏洞

Supermicro AS-2115HS-TNR BMC is a server out-of-band management control system developed by Supermicro Corporation. There is a security vulnerability in Supermicro AS-2115HS-TNR BMC, which stems from the injection of custom characters in the SMTP service configuration. This vulnerability may allo...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the unconditional success of the spintrylock operation when calling kmallocnolock within the NMI contex...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper order of IRQ requests and the allocation of the powersupply handle in the power...

EUVD-2026-31204

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fixed out-of-bounds access issues. The memory range was clipped to the size of the screen buffer to prevent out-of-bounds access during the damage handling in fbdev’ deferred I/O operations. fbdev’ deferred I/O can...

PT-2026-39301

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.4.1 Description An open redirect issue in Snipe-IT allows attackers to redirect users to malicious websites. This occurs because the application uses an unvalidated HTTP Referer header stored in a session variable...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibiting potential out-of-bounds accesses The fbdev test in IGT may write after EOF, leading to out-of-bound accesses for DRM drivers that use fbdev-generic. For example, running the fbdev test on an...

Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly

VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide...

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

CVE-2026-35338

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect return value of the lookupextentdataref function in btrfs, potentially causing damag...

X.Org X Server 安全漏洞

X.Org X Server is an X Window system display server developed by the X.Org Foundation. There are security vulnerabilities in X.Org X Server, which stem from the reutilization of freed resources in the XSYNC fence trigger logic. Attackers could exploit these vulnerabilities to cause server crashes...

EUVD-2026-24963

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

GHSA-9GQX-53GP-C8G3 uutils coreutils allows users to bypass the --preserve-root safety mechanism

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

CVE-2026-35338 uutils coreutils chmod Path Traversal Bypass of --preserve-root

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

PowerDNS Authoritative Server 输入验证错误漏洞

The PowerDNS Authoritative Server is a DNS server developed by the Dutch company PowerDNS. There is a vulnerability in input validation of the PowerDNS Authoritative Server. This vulnerability arises from operations conducted by administrators who are allowed to use the REST API. Such actions may...