5397 matches found
CVE-2026-41192 FreeScout's client-controlled attachment IDs allow deletion of existing conversation attachments
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in attachmentsall but omitted from retained lists are decrypted and passed directly to Attachment::deleteByIds. Because...
EUVD-2026-24221
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in attachmentsall but omitted from retained lists are decrypted and passed directly to Attachment::deleteByIds. Because...
PT-2026-34039
Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.215 Description The reply and draft flows trust encrypted attachment IDs supplied by the client. Any IDs included in the attachments all variable but omitted from retained lists are decrypted and passed to the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013323)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013323 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use onlinevcpus, not createdvcpus, to iterate over vCPUs Use the kvmforeachvcpu helper ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013285)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013285 advisory. A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010854)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010854 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007007)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007007 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm-lock to fix UAF in svmregisterencregion Do the cache flush of...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the reliance on encrypted attachment IDs provided b...
MAL-2026-2949 Malicious code in pathjoin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a94ee2403006fa62b8cfd3e6ac5a3ae32f316ab9b32fd0dc47fefdca52cf5899 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...
Malicious code in pathjoin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a94ee2403006fa62b8cfd3e6ac5a3ae32f316ab9b32fd0dc47fefdca52cf5899 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...
MAL-2026-2948 Malicious code in leavemealone (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...
Malicious code in leavemealone (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...
PT-2026-33785
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...
CVE-2026-32105
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...
Malicious code in solanakit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93 During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistency e.g., through the autostart registry key...
MAL-2026-2837 Malicious code in solanakit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93 During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistency e.g., through the autostart registry key...
Exploit for CVE-2026-29000
CVE-2026-29000: Proof of Concept PoC for pac4j-jwt Auth Bypa...
xrdp 安全漏洞
xrdp is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of xrdp 0.10.5 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of verification of the message authentication code signature for encrypted RDP packets when the classic R...
MAL-2026-2820 Malicious code in chainutils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 149995e4a1c4d289fa58be2adcab4095dca7c429097ad6735afef8270e7e4cb3 During import, package triggers malicious code. First, it ensures persistency e.g., through the autostart registry key. Then, based on the encrypted config, an...
Malicious code in chainutils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 149995e4a1c4d289fa58be2adcab4095dca7c429097ad6735afef8270e7e4cb3 During import, package triggers malicious code. First, it ensures persistency e.g., through the autostart registry key. Then, based on the encrypted config, an...