196 matches found
Astra Linux – Vulnerability in the 389-DS-base
A flaw was discovered in RHDS 11 and RHDS 12. While browsing entries using LDAP, the system attempts to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where cockpit-389-ds is...
OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage
A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞
MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...
Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017656)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017656 advisory. A flaw was found in samba. The Samba smbd file server must map Windows group identities SIDs into unix group ids gids. The code that performs this had a flaw that...
CVE-2025-31959 HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.
HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...
CVE-2026-6500
Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5...
Use of a Broken or Risky Cryptographic Algorithm
Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the cryptographic algorithm implementation. An attacker can compromise the confidentiality of sensitive information by exploiting weak or insufficient cryptographic algorithms...
CVE-2026-33616 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
PT-2026-7956
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the...
CVE-2025-29946
Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory...
CVE-2026-0620
The CVE-2026-0620 entry concerns the TP-Link Archer AXE75 V1 when configured as an L2TP/IPSec VPN server. Affected component: L2TP/IPSec VPN server handling; root cause: L2TP connections may be accepted without IPSec protection even if IPSec is enabled, leading to unencrypted VPN sessions and exp...
CVE-2026-1477
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' and 'Idevaluacion’ in ‘/evaluacioncompetenciasevaluaold.aspx’, could allow ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001504)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001504 advisory. A race problem was seen in the vtkioctl in drivers/tty/vt/vtioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vcmode is...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004096)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004096 advisory. A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index aft...
EUVD-2025-201916
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...
CVE-2025-27232 Frontend arbitrary file read in oauth.authorize action
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
AZL-70529 CVE-2025-61664 affecting package grub2 for versions less than 2.06-16
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...
CVE-2021-4471
TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading...
EUVD-2021-26742
Malware in sbrugna...
EUVD-2021-26901
Malware in sbrugna...